CVE-2022-3025
Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision: -
Descriptions
The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues.
The Bitcoin / Altcoin Faucet WordPress plugin, in versions up to 1.6.0, does not perform any CSRF check when saving its settings, which allows an attacker to make a logged-in administrator change them by means of a CSRF attack. In addition, due to a lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues.
The Bitcoin / Altcoin Faucet plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change plugin settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. Due to the lack of sanitization of user input, an attacker may also use this vulnerability to inject malicious JavaScript that will execute whenever a user accesses an injected page.
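The descriptions above name two root causes: a settings-save handler with no nonce (CSRF) check, and settings that are stored and echoed without sanitisation or escaping. The following PHP is an added illustration written for this page, not the plugin's own code; it shows the vulnerable pattern in generic form beside the hardened form a WordPress developer would use. The option key `hypo_faucet_settings`, the nonce action `hypo_faucet_save`, the field name `faucet_title` and all function names are hypothetical; `check_admin_referer`, `wp_nonce_field`, `current_user_can`, `sanitize_text_field`, `wp_unslash`, `esc_html` and `esc_attr` are standard WordPress core functions.

```php
<?php
// Added example, not the plugin's code. All identifiers prefixed hypo_ and
// the option/nonce/field names are hypothetical; the WP core calls are real.

// --- Pattern the advisory describes ------------------------------------
// Settings are written on any POST carrying the field: no nonce check,
// no capability check, no sanitisation, and the value is echoed raw later.
function hypo_faucet_save_settings_vulnerable() {
    if ( isset( $_POST['faucet_title'] ) ) {
        // A form on any third-party site the admin visits can submit this
        // request with the admin's cookies (CSRF); the raw value is persisted.
        update_option( 'hypo_faucet_settings', array(
            'title' => $_POST['faucet_title'],
        ) );
    }
}

function hypo_faucet_render_vulnerable() {
    $opts = get_option( 'hypo_faucet_settings', array( 'title' => '' ) );
    // Unescaped output of a stored value: stored XSS for every viewer.
    echo '<h2>' . $opts['title'] . '</h2>';
}

// --- Hardened form --------------------------------------------------------
// Write path: nonce bound to this action + capability check + sanitisation.
// Read path: escape on output, in the context the value lands in.
function hypo_faucet_save_settings_hardened() {
    if ( ! isset( $_POST['faucet_title'] ) ) {
        return;
    }
    // Rejects requests lacking a valid nonce for 'hypo_faucet_save' in the
    // 'hypo_faucet_nonce' field; calls wp_die() on failure, so the forged
    // cross-site request never reaches update_option().
    check_admin_referer( 'hypo_faucet_save', 'hypo_faucet_nonce' );

    // A nonce proves intent, not authority: still require the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    // wp_unslash() undoes WordPress's magic-quoting; sanitize_text_field()
    // strips tags and control characters before the value is stored.
    update_option( 'hypo_faucet_settings', array(
        'title' => sanitize_text_field( wp_unslash( $_POST['faucet_title'] ) ),
    ) );
}

function hypo_faucet_render_hardened() {
    $opts = get_option( 'hypo_faucet_settings', array( 'title' => '' ) );
    ?>
    <h2><?php echo esc_html( $opts['title'] ); ?></h2>
    <form method="post">
        <?php // Emits the hidden nonce field the save handler verifies. ?>
        <?php wp_nonce_field( 'hypo_faucet_save', 'hypo_faucet_nonce' ); ?>
        <input type="text" name="faucet_title"
               value="<?php echo esc_attr( $opts['title'] ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Wire the hardened handler into the admin request lifecycle.
add_action( 'admin_init', 'hypo_faucet_save_settings_hardened' );
```

Two points worth noting from a review standpoint. First, sanitisation on store and escaping on output are separate controls: `sanitize_text_field()` reduces what can be persisted, while `esc_html()`/`esc_attr()` make whatever is persisted safe for the specific output context, so a value that bypasses one is still caught by the other. Second, the nonce check alone would not have prevented the stored XSS half of this CVE for an administrator who legitimately saves a payload, which is why both CWE-352 and CWE-79 are listed.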
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-08-29 CVE Reserved
- 2022-08-31 CVE Published
- 2024-04-18 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
URL | Date | SRC
---|---|---
https://wpscan.com/vulnerability/66bc783b-67e1-4bd0-99c0-322873b3a22a | 2024-08-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Bitcoin/altcoin Faucet Project | Bitcoin/altcoin Faucet | <= 1.6.0 | wordpress | Affected