4 matches found
CVE-2024-54347
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion allows Reflected XSS.This issue affects FloristPress: from n/a through = 7.2.0...
CVE-2024-54347
CVE-2024-54347 is a reflected XSS in FloristPress (Florist plugin by Bakkbone) affecting FloristPress versions up to 7.2.0. The Red Hat and Wordfence entries corroborate a Cross-Site Scripting vulnerability caused by improper input neutralization in web page generation. The CVSS data from Patchst...
CVE-2024-53798 WordPress FloristPress plugin <= 7.3.0 - Nonce Leakage to Broken Access Control vulnerability
Missing Authorization vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion.This issue affects FloristPress: from n/a through = 7.3.0...
CVE-2024-53798
CVE-2024-53798 refers to a Missing Authorization vulnerability in the FloristPress WordPress plugin (FloristPress by BAKKBONE) affecting versions n/a through 7.3.0. Connected sources confirm a nonce leakage facilitating broken access control. The vulnerability is publicly tracked by CVE lists and...