PT-2022-20029 · WordPress · Simple Bitcoin Faucets

Lana Codes · Published 2022-09-26 · Updated 2022-12-09 · CVE-2022-3024

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: The Simple Bitcoin Faucets WordPress plugin, versions 1.7.0 and earlier.

Description: The issue stems from missing authorisation and CSRF checks in an AJAX action, allowing any authenticated user to call it and add, delete or edit Bonds. Because the submitted values are neither sanitised on input nor escaped on output, this can also lead to Stored Cross-Site Scripting.

Recommendations: For versions 1.7.0 and earlier, update to a version that adds proper authorisation and CSRF protection to the AJAX action, and ensure that user input is sanitised and escaped to prevent Stored Cross-Site Scripting. As a temporary workaround, consider restricting access to the AJAX action to prevent exploitation until a patch is available.
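The controls the recommendations call for, shown as an added WordPress PHP example that is not the plugin's own code: the insecure handler shape the advisory describes beside a hardened one with a capability check, a nonce check, input sanitisation and output escaping. The action name sbf_save_bond, the option key sbf_bonds and the request field names are hypothetical placeholders, not identifiers from the real plugin.

```php
<?php
// Added example (not the plugin's code). The action name 'sbf_save_bond', the
// option key 'sbf_bonds' and the request fields are hypothetical placeholders.

// VULNERABLE shape described by the advisory: any logged-in user reaches a
// wp_ajax_* hook, and nothing checks capability, nonce, or sanitises input.
function sbf_save_bond_vulnerable() {
    $bonds   = get_option( 'sbf_bonds', array() );
    $bonds[] = array(
        'title'  => $_POST['title'],  // raw input stored as-is -> stored XSS
        'reward' => $_POST['reward'],
    );
    update_option( 'sbf_bonds', $bonds );
    wp_send_json_success( $bonds );
}

// HARDENED: authorisation, CSRF nonce, sanitisation on write, escaping on read.
function sbf_save_bond_hardened() {
    // 1. Authorisation: only users who may manage settings can edit bonds.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 2. CSRF: the request must carry a nonce created with
    //    wp_create_nonce( 'sbf_save_bond' ) for the current user.
    check_ajax_referer( 'sbf_save_bond', 'nonce' );

    // 3. Sanitise on input: plain-text title, integer reward.
    $title  = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
    $reward = isset( $_POST['reward'] ) ? absint( $_POST['reward'] ) : 0;
    if ( '' === $title ) {
        wp_send_json_error( 'title required', 400 );
    }

    $bonds   = get_option( 'sbf_bonds', array() );
    $bonds[] = array( 'title' => $title, 'reward' => $reward );
    update_option( 'sbf_bonds', $bonds );
    wp_send_json_success( $bonds );
}

// 4. Escape on output: stored values are escaped when rendered, so a record
//    saved before the fix still cannot inject markup into the admin page.
function sbf_render_bond_row( array $bond ) {
    return '<tr><td>' . esc_html( $bond['title'] ) . '</td><td>'
        . (int) $bond['reward'] . '</td></tr>';
}

// Register only the hardened handler; no wp_ajax_nopriv_ hook is added, so
// unauthenticated requests never reach it.
add_action( 'wp_ajax_sbf_save_bond', 'sbf_save_bond_hardened' );
```

The nonce passed as the `nonce` field must be issued to the page's JavaScript (for example via wp_localize_script) so that legitimate admin requests carry it while cross-site requests cannot.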

Weakness Enumeration: Incorrect Authorization, CSRF

Related Identifiers: CVE-2022-3024

Affected Products: Simple Bitcoin Faucets