CVE-2024-11769

CVE-2024-11769 – Flower Delivery by Florist One (WordPress) has a stored XSS vulnerability in the Flower Delivery shortcode (flower-delivery). According to connected sources, all versions up to and including 3.9 are affected due to insufficient input sanitization and output escaping on user-suppl...

CVE-2024-11769 Flower Delivery by Florist One <= 3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

WordPress plugin Flower Delivery by Florist One 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

WordPress Flower Delivery by Florist One plugin <= 3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Flower Delivery by Florist One versions = 3.9...

WordPress Flower Delivery by Florist One跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Flower Delivery by Florist One versions prior to 3.5.10 have a cross-site scripting...

CVE-2022-1113

The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups...

CVE-2022-1113

The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups...

CVE-2022-1113

The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups...

Cross site scripting

The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups...

CVE-2022-1113

The CVE-2022-1113 entry concerns the WordPress plugin “Flower Delivery by Florist One” (versions up to 3.7). The vulnerability arises because the plugin does not sanitize and escape several settings, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., admins) when the...

CVE-2022-1113 Flower Delivery by Florist One <= 3.7 - Admin+ Stored Cross-Site Scripting

The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups...

PT-2022-13667 · WordPress · The Flower Delivery By Florist One

Name of the Vulnerable Software and Affected Versions: The Flower Delivery by Florist One WordPress plugin versions 3.7 and earlier Description: The issue allows high privilege users, such as admin, to perform Stored Cross-Site Scripting attacks when the unfiltered html capability is disallowed,...

WordPress plugin Flower Delivery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Flower Delivery by Florist One versions prior to 3.5.10 have a cross-site scripting...

WordPress Flower Delivery by Florist One plugin <= 3.5.15 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by fuzzyap1 in WordPress Flower Delivery by Florist One plugin versions = 3.5.15. Solution No fixed version is available...

Flower Delivery by Florist One <= 3.5.15 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups As admin, go to the plugin's settings, create a new...

Flower Delivery by Florist One <= 3.5.15 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups PoC As admin, go to the plugin's settings, create a ne...