Description

The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

Related CPE's

a

fl3r_feelbox_project

fl3r_feelbox

*

*

*

*

*

wordpress

Vulnerable

References

https://wpscan.com/vulnerability/307b0fe4-39de-4fbb-8bb0-f7f15ec6ef52

ExploitThird Party Advisory

Weaknesses

Could not find any weaknesses

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-30T21:15:11.017

2 years ago

Last modified

2023-11-07T03:58:08.150

1 year ago