Description
The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating reseting moods which could allow attackers to make logged in admins perform such action via a CSRF attack and delete the lydl_posts & lydl_poststimestamp DB tables
References
https://wpscan.com/vulnerability/483ed482-a1d1-44f6-8b99-56e653d3e45f
ExploitThird Party Advisory
Weaknesses
Could not find any weaknesses
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2023-01-30T21:15:11.197
1 year agoLast modified
2023-11-07T03:58:08.357
8 months ago