CVE-2022-3024

Published: Sep 26, 2022Modified: May 22, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues

Affected (1)

Products: Simple Bitcoin Faucets Project: Simple Bitcoin Faucets

Simple Bitcoin Faucets Project

1 product

Simple Bitcoin Faucets

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Simple Bitcoin Faucets Project Simple Bitcoin Faucets	Up to 1.7.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://wpscan.com/vulnerability/7f43cb8e-0c1b-4528-8c5c-b81ab42778dc

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/7f43cb8e-0c1b-4528-8c5c-b81ab42778dc

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.