CVE-2022-4552

Name of the Vulnerable Software and Affected Versions FL3R FeelBox WordPress plugin versions 8.1 and earlier

Description The issue concerns a lack of CSRF check when updating settings, as well as missing sanitization and escaping. This could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack.

Recommendations For FL3R FeelBox WordPress plugin versions 8.1 and earlier, update to a version that includes a CSRF check and proper sanitization and escaping to prevent Stored XSS payloads via CSRF attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.