cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-4445,https://securityvulnerability.io/vulnerability/CVE-2022-4445,FL3R FeelBox <= 8.1 - Unauthenticated SQLi,"The FL3R FeelBox WordPress plugin prior to version 8.2 contains a SQL injection vulnerability due to inadequate sanitization and escaping of a parameter in an AJAX action accessible to unauthenticated users. This flaw can allow attackers to manipulate SQL queries and gain unauthorized access to sensitive data, posing significant security risks to WordPress sites utilizing this plugin.",Wordpress,Fl3r Feelbox,9.8,CRITICAL,0.00267999991774559,false,,false,false,false,,false,false,2023-02-13T14:32:00.912Z,0
CVE-2022-4552,https://securityvulnerability.io/vulnerability/CVE-2022-4552,FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS,"The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack",Wordpress,Fl3r Feelbox,6.1,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-01-30T20:31:51.944Z,0
CVE-2022-4553,https://securityvulnerability.io/vulnerability/CVE-2022-4553,FL3R FeelBox <= 8.1 - Moods Reset via CSRF,The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating reseting moods  which could allow attackers to make logged in admins perform such action via a CSRF attack and delete the lydl_posts & lydl_poststimestamp DB tables,Wordpress,Fl3r Feelbox,4.3,MEDIUM,0.0006200000061653554,false,,false,false,false,,false,false,2023-01-30T20:31:44.026Z,0