The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-01-30T20:31:51.944Z

Updated: 2024-08-03T01:41:45.631Z

Reserved: 2022-12-16T10:20:34.993Z

Link: CVE-2022-4552

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-01-30T21:15:11.017

Modified: 2024-11-21T07:35:28.523

Link: CVE-2022-4552

cve-icon Redhat

No data.