4 matches found
CVE-2022-1113
The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups...
CVE-2022-1113
The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups...
CVE-2022-1113 Flower Delivery by Florist One <= 3.7 - Admin+ Stored Cross-Site Scripting
The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups...
CVE-2022-1113
The CVE-2022-1113 entry concerns the WordPress plugin “Flower Delivery by Florist One” (versions up to 3.7). The vulnerability arises because the plugin does not sanitize and escape several settings, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., admins) when the...