CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

RedhatCVE•added 2025/05/23 12:46 a.m.•7 views

CVE-2022-4445

The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

9.8CVSS7.2AI score0.0473EPSS

Exploits2References1

RedhatCVE•added 2025/05/23 12:17 a.m.•5 views

CVE-2022-4552

The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.0013EPSS

Exploits2References1

OSV•added 2023/02/13 3:15 p.m.•2 views

CVE-2022-4445

9.8CVSS5.9AI score0.0473EPSS

Exploits2References1

NVD•added 2023/02/13 3:15 p.m.•11 views

CVE-2022-4445

9.8CVSS9.9AI score0.0473EPSS

Exploits2References1

Prion•added 2023/02/13 3:15 p.m.•11 views

Sql injection

7.5CVSS9.8AI score0.0473EPSS

Exploits2References1Affected Software1

Cvelist•added 2023/02/13 2:32 p.m.•20 views

CVE-2022-4445 FL3R FeelBox <= 8.1 - Unauthenticated SQLi

10AI score0.0473EPSS

Exploits2References1

Vulnrichment•added 2023/02/13 2:32 p.m.•7 views

CVE-2022-4445 FL3R FeelBox <= 8.1 - Unauthenticated SQLi

7.5AI score0.0473EPSS

Exploits2References1

CVE•added 2023/02/13 2:32 p.m.•46 views

CVE-2022-4445

CVE-2022-4445 affects the FL3R FeelBox WordPress plugin up to version 8.1. The vulnerability is an unauthenticated SQL injection caused by improper sanitisation/escaping of input in an AJAX action, enabling an attacker to manipulate SQL queries via unauthenticated requests. Public documentation l...

9.8CVSS9.9AI score0.0473EPSS

Exploits2References1Affected Software1

CNNVD•added 2023/02/13 12:0 a.m.•6 views

WordPress plugin FL3R FeelBox SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

9.8CVSS8.6AI score0.0473EPSS

Exploits2References2

NVD•added 2023/01/30 9:15 p.m.•9 views

CVE-2022-4552

6.1CVSS6AI score0.0013EPSS

Exploits2References1

OSV•added 2023/01/30 9:15 p.m.•1 views

CVE-2022-4552

6.1CVSS5.8AI score0.0013EPSS

Exploits2References1

OSV•added 2023/01/30 9:15 p.m.•3 views

CVE-2022-4553

The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating reseting moods which could allow attackers to make logged in admins perform such action via a CSRF attack and delete the lydlposts & lydlpoststimestamp DB tables...

4.3CVSS5.8AI score0.00097EPSS

Exploits2References1

Prion•added 2023/01/30 9:15 p.m.•19 views

Cross site request forgery (csrf)

4.3CVSS4.6AI score0.00097EPSS

Exploits2References1Affected Software1

Cvelist•added 2023/01/30 8:31 p.m.•14 views

CVE-2022-4552 FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS

6.1AI score0.0013EPSS

Exploits2References1

CVE•added 2023/01/30 8:31 p.m.•53 views

CVE-2022-4552

The CVE CVE-2022-4552 affects the FL3R FeelBox WordPress plugin (versions up to 8.1). The vulnerability is due to missing CSRF protection on settings updates and lack of input sanitisation/escaping, which could allow a logged-in admin to store XSS payloads via a CSRF attack. Connected sources con...

6.1CVSS5.9AI score0.0013EPSS

Exploits2References1Affected Software1

Vulnrichment•added 2023/01/30 8:31 p.m.•5 views

CVE-2022-4552 FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS

6AI score0.0013EPSS

Exploits2References1

Vulnrichment•added 2023/01/30 8:31 p.m.•7 views

CVE-2022-4553 FL3R FeelBox <= 8.1 - Moods Reset via CSRF

4.5AI score0.00097EPSS

Exploits2References1

Cvelist•added 2023/01/30 8:31 p.m.•18 views

CVE-2022-4553 FL3R FeelBox <= 8.1 - Moods Reset via CSRF