Vulnerabilities and security researches fortokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop

Dec 11, 2025

CVE, Research URL: CVE-2025-11771
Home page URL: Security reports for Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO
Application: Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO
Date: Nov 21, 2025
Research Description: The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'createSaleRecord' function in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to manipulate presales counters.
Affected versions: max 2.4.6.
Status: vulnerable

CVE, Research URL: CVE-2025-11773
Home page URL: Security reports for Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO
Application: Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO
Date: Nov 21, 2025
Research Description: The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveDeployedContract' function in all versions up to, and including, 2.4.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the WordPress option `tokenico_deployed_contracts`, poisoning the smart contract addresses displayed.
Affected versions: max 2.4.6.
Status: vulnerable