CVE-2022-3024
Last modified
CVE-2022-3024 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Simple Bitcoin Faucets Project | Simple Bitcoin Faucets | <= 1.7.0 |
References
- https://wpscan.com/vulnerability/7f43cb8e-0c1b-4528-8c5c-b81ab42778dcExploit, Third Party Advisory
- https://wpscan.com/vulnerability/7f43cb8e-0c1b-4528-8c5c-b81ab42778dcExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-3024?
How severe is CVE-2022-3024?
How do I fix CVE-2022-3024?
Are you affected by CVE-2022-3024?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST