CVE-2022-3025

Name of the Vulnerable Software and Affected Versions Bitcoin / Altcoin Faucet WordPress plugin versions prior to 1.6.1

Description The issue concerns a lack of CSRF check when saving settings, allowing an attacker to make a logged-in admin change them via a CSRF attack. Additionally, due to the lack of sanitization and escaping, it could also lead to Stored Cross-Site Scripting issues.

Recommendations For versions prior to 1.6.1, update to version 1.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to minimize the risk of exploitation.