CVE-2025-11771
Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO <= 2.4.7 - Missing Authentication to Unauthenticated Presale Update
The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'createSaleRecord' function in all versions up to, and including, 2.4.7. This makes it possible for unauthenticated attackers to manipulate presales counters.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Produtos afetados
beycanpress · Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICOQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://plugins.trac.wordpress.org/browser/tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop/tags/2.4.6/app/RestAPI.php#L275https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3449189%40tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop&new=3449189%40tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/c5c5793f-4d98-4ec1-a9b6-6e7c3f8b6099?source=cve