Description

WordPress Plugin FL3R FeelBox is prone to multiple vulnerabilities, including SQL injection and cross-site request forgery vulnerabilities. Exploiting these issues may allow a remote attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, or to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin FL3R FeelBox version 8.1 is vulnerable; prior versions may also be affected.

Remediation

Disable and remove the plugin until a fix is available

References

https://sploitus.com/exploit?id=WPEX-ID:9BB6FDE0-1347-496B-BE03-3512E6B7E8F8

https://sploitus.com/exploit?id=WPEX-ID:307B0FE4-39DE-4FBB-8BB0-F7F15EC6EF52

https://sploitus.com/exploit?id=WPEX-ID:483ED482-A1D1-44F6-8B99-56E653D3E45F

https://wordpress.org/plugins/fl3r-feelbox/#description

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2006-5366)

WordPress Plugin WP Survey Plus Security Bypass (1.0)

WordPress Plugin WPML (WordPress Multilingual) Cross-Site Request Forgery (4.3.6)

XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-34466)

WordPress Plugin WooCommerce-Store Exporter CSV Injection (2.3.1)

Severity

High

Classification

CVE-2022-4445 CVE-2022-4552 CVE-2022-4553 CWE-89 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update