CVE-2022-4552 in FL3R FeelBox Plugininformação

Sumário

de MITRE • 30/01/2023

The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservar

16/12/2022

Divulgação

30/01/2023

Moderação

aceite

Entrada

VDB-219820

CPE

pronto

CWE

CWE-352 (confirmado)

CVSS

6.1 (NVD)

EPSS

0.00130

KEV

não

Atividades

muito baixo

Sector

Hostingprovider

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2022-4552
NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-4552
CVE Details	https://www.cvedetails.com/cve/CVE-2022-4552/

◂ Voltar Visão Geral Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!