
Fl3r Feelbox

fl3r_feelbox

Vendor: Armandofiore • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
Vendors (1): Armandofiore
Products (1): Fl3r Feelbox
Updated: Jun 17, 2026
Published: Feb 13, 2023
CVSS: N/A (v4), 9.8 CRITICAL (v3), N/A (v2)
The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Vendors (1): Armandofiore
Products (1): Fl3r Feelbox
Updated: Jun 17, 2026
Published: Jan 30, 2023
CVSS: N/A (v4), 4.3 MEDIUM (v3), N/A (v2)
The FL3R FeelBox WordPress plugin through 8.1 does not have a CSRF check when resetting moods, which could allow attackers to make logged-in admins perform such an action via a CSRF attack and delete the lydl_posts & lydl_poststimestamp DB tables.
Vendors (1): Armandofiore
Products (1): Fl3r Feelbox
Updated: Jun 17, 2026
Published: Jan 30, 2023
CVSS: N/A (v4), 6.1 MEDIUM (v3), N/A (v2)
The FL3R FeelBox WordPress plugin through 8.1 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.