Description
WordPress Plugin FL3R FeelBox is prone to multiple vulnerabilities, including SQL injection and cross-site request forgery vulnerabilities. Exploiting these issues may allow a remote attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, or to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin FL3R FeelBox version 8.1 is vulnerable; prior versions may also be affected.
Remediation
Disable and remove the plugin until a fix is available
References
https://sploitus.com/exploit?id=WPEX-ID:9BB6FDE0-1347-496B-BE03-3512E6B7E8F8
https://sploitus.com/exploit?id=WPEX-ID:307B0FE4-39DE-4FBB-8BB0-F7F15EC6EF52
https://sploitus.com/exploit?id=WPEX-ID:483ED482-A1D1-44F6-8B99-56E653D3E45F
Related Vulnerabilities
WordPress Plugin Additional Variation Images for WooCommerce Cross-Site Scripting (1.1.28)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5491)
WordPress Plugin Display Widgets Spam Links Injection (2.6.3.1)
OpenSSL Possible denial of service attack Vulnerability (CVE-2020-1971)