3 matches found
CVE-2024-11769
The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2024-11769
creationtimestamp| type| source ---|---|--- 2024-12-04 07:56:32+00:00| seen| https://infosec.exchange/users/cve/statuses/113593482703123911 2024-12-04 10:03:42+00:00| seen| https://t.me/cvedetector/11957...
CVE-2024-11769 Flower Delivery by Florist One <= 3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...