Description

WordPress Plugin FL3R FeelBox is prone to multiple vulnerabilities, including SQL injection and cross-site request forgery vulnerabilities. Exploiting these issues may allow a remote attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, or to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin FL3R FeelBox version 8.1 is vulnerable; prior versions may also be affected.

Remediation

Disable and remove the plugin until a fix is available

References

https://sploitus.com/exploit?id=WPEX-ID:9BB6FDE0-1347-496B-BE03-3512E6B7E8F8

https://sploitus.com/exploit?id=WPEX-ID:307B0FE4-39DE-4FBB-8BB0-F7F15EC6EF52

https://sploitus.com/exploit?id=WPEX-ID:483ED482-A1D1-44F6-8B99-56E653D3E45F

https://wordpress.org/plugins/fl3r-feelbox/#description

Related Vulnerabilities

PostgreSQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-0773)

Moodle Other Vulnerability (CVE-2004-1425)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42116)

PHP Numeric Errors Vulnerability (CVE-2007-1001)

Oracle JRE CVE-2013-2463 Vulnerability (CVE-2013-2463)

Severity

High

Classification

CVE-2022-4445 CVE-2022-4552 CVE-2022-4553 CWE-89 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update