exploitDog

CVE-2022-3024

Опубликовано: 26 сент. 2022

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues

Ссылки

https://wpscan.com/vulnerability/7f43cb8e-0c1b-4528-8c5c-b81ab42778dc
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/7f43cb8e-0c1b-4528-8c5c-b81ab42778dc
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simple_bitcoin_faucets_project:simple_bitcoin_faucets:*:*:*:*:*:wordpress:*:*

Версия до 1.7.0 (включая)

EPSS

Процентиль: 23%

0.00074

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-m8wj-gc9v-2c82

CVSS3: 5.4

github

больше 3 лет назад

The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues

EPSS

Процентиль: 23%

0.00074

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-352

CWE-352