Description

The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

Related CPE's

a

armandofiore

fl3r_feelbox

*

*

*

*

*

wordpress

Vulnerable

References

https://wpscan.com/vulnerability/307b0fe4-39de-4fbb-8bb0-f7f15ec6ef52

ExploitThird Party Advisory

https://wpscan.com/vulnerability/307b0fe4-39de-4fbb-8bb0-f7f15ec6ef52

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-352

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-352

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-01-30T20:15:11.017Z

2 years ago

Last modified

2025-10-07T13:36:01.850Z

3 months ago