The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: WPScan
Published: 2023-01-30T20:31:51.944Z
Updated: 2024-08-03T01:41:45.631Z
Reserved: 2022-12-16T10:20:34.993Z
Link: CVE-2022-4552

No data.

Status : Modified
Published: 2023-01-30T21:15:11.017
Modified: 2024-11-21T07:35:28.523
Link: CVE-2022-4552

No data.