Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:483ED482-A1D1-44F6-8B99-56E653D3E45F
HistoryJan 04, 2023 - 12:00 a.m.

FL3R FeelBox <= 8.1 - Moods Reset via CSRF

2023-01-0400:00:00
wpscan.com
9
plugin
csrf
attack
admin
html
db tables

EPSS

0.001

Percentile

33.8%

JSON

The plugin does not have CSRF check when updating reseting moods which could allow attackers to make logged in admins perform such action via a CSRF attack and delete the lydl_posts & lydl_poststimestamp DB tables

PoC

Make a logged in admin open a page containing the HTML code below

Related

prion 1
cve 1
nvd 1
cvelist 1
wpexploit 1
prion
prion
Cross site request forgery (csrf)
2023-01-30 21:15:00
cve
cve
CVE-2022-4553
2023-01-30 21:15:11
nvd
nvd
CVE-2022-4553
2023-01-30 21:15:11
cvelist
cvelist
CVE-2022-4553 FL3R FeelBox <= 8.1 - Moods Reset via CSRF
2023-01-30 20:31:44
wpexploit
wpexploit
FL3R FeelBox <= 8.1 - Moods Reset via CSRF
2023-01-04 00:00:00

EPSS

0.001

Percentile

33.8%

JSON
Related for WPVDB-ID:483ED482-A1D1-44F6-8B99-56E653D3E45F
prion1cve1nvd1cvelist1wpexploit1