๐Ÿ” CVE Alert

CVE-2025-11771

MEDIUM 5.3

Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO <= 2.4.7 - Missing Authentication to Unauthenticated Presale Update

CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'createSaleRecord' function in all versions up to, and including, 2.4.7. This makes it possible for unauthenticated attackers to manipulate presales counters.

CWE CWE-306
Vendor beycanpress
Product cryptocurrency (token), launchpad (presale), ico & ido, airdrop by tokenico
Published Nov 21, 2025
Last Updated Apr 8, 2026
Stay Ahead of the Next One

Get instant alerts for beycanpress cryptocurrency (token), launchpad (presale), ico & ido, airdrop by tokenico

Be the first to know when new medium vulnerabilities affecting beycanpress cryptocurrency (token), launchpad (presale), ico & ido, airdrop by tokenico are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

beycanpress / Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO
0 โ‰ค 2.4.7

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/c5c5793f-4d98-4ec1-a9b6-6e7c3f8b6099?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop/tags/2.4.6/app/RestAPI.php#L275 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3449189%40tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop&new=3449189%40tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop&sfp_email=&sfph_mail=

Credits

Jonas Benjamin Friedli