CVE-2022-3025

CVE-2022-3025: Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF

Vendor Unknown

Product Bitcoin / Altcoin Faucet

Weakness CWE-79 · XSS

Published September 26, 2022

Last update May 22, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing attacker to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues

Key dates

02Disclosure timeline

September 26, 2022 CVE published

May 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-3025 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2022-3025: Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF

01Description

02Disclosure timeline

03References

04Related CVE