Lucene search
HistoryJan 30, 2023 - 9:15 p.m.
CVE-2022-4552
fl3r feelbox
wordpress plugin
csrf
sanitization
vulnerabilities
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
34.7%
The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
Affected configurations
Node
fl3r_feelbox_projectfl3r_feelboxRange≤8.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fl3r_feelbox_project | fl3r_feelbox | * | cpe:2.3:a:fl3r_feelbox_project:fl3r_feelbox:*:*:*:*:*:wordpress:*:* |
Related
wpexploit
wpexploit
FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS
2023-01-04 00:00:00
wpvulndb
wpvulndb
FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS
2023-01-04 00:00:00
prion
prion
Cross site request forgery (csrf)
2023-01-30 21:15:00
cvelist
cvelist
CVE-2022-4552 FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS
2023-01-30 20:31:51
cve
cve
CVE-2022-4552
2023-01-30 21:15:11
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
34.7%
Related for NVD:CVE-2022-4552