CVE-2022-3025 – Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF

https://notcve.org/view.php?id=CVE-2022-3025

31 Aug 2022 — The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing attacker to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues El plugin Bitcoin / Altcoin Faucet de WordPress versiones hasta 1.6.0, no presenta ninguna comprobación de tipo CSRF cuando guarda sus ajustes, lo que permite a un atacante hacer que un administrador conect... • https://wpscan.com/vulnerability/66bc783b-67e1-4bd0-99c0-322873b3a22a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •