Lucene search
WPScanCVE-2022-4552HistoryJan 30, 2023 - 9:15 p.m.
CVE-2022-4552
2023-01-3021:15:11
WPScan
web.nvd.nist.gov
22
cve-2022-4552
fl3r feelbox
wordpress plugin
csrf
stored xss
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
34.7%
The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
Affected configurations
Node
fl3r_feelbox_projectfl3r_feelboxRange≤8.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fl3r_feelbox_project | fl3r_feelbox | * | cpe:2.3:a:fl3r_feelbox_project:fl3r_feelbox:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "FL3R FeelBox",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "8.1"
}
],
"defaultStatus": "affected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpexploit
wpexploit
FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS
2023-01-04 00:00:00
wpvulndb
wpvulndb
FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS
2023-01-04 00:00:00
prion
prion
Cross site request forgery (csrf)
2023-01-30 21:15:00
cvelist
cvelist
CVE-2022-4552 FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS
2023-01-30 20:31:51
nvd
nvd
CVE-2022-4552
2023-01-30 21:15:11
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
34.7%
Related for CVE-2022-4552