Flower Delivery by Florist One <= 3.9.1 – Admin+ Stored Cross-Site Scripting | CVE 2022-1113 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setups)

Proof of Concept

As admin, go to the plugin's settings, create a new Location, put the following payload in the "Funeral Home Name" then save the location and the settings: <img src onerror=prompt(/XSS/)>

Affects Plugins

flower-delivery-by-florist-one

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

fuzzyap1

Submitter

fuzzyap1

Submitter website

https://github.com/fuzzyap1/

Verified

Yes

WPVDB ID

ea438e84-f842-4cb9-b6c0-550cd8187701

Timeline

Publicly Published

2022-06-02 (about 3 years ago)

Added

2022-06-02 (about 3 years ago)

Last Updated

2025-03-25 (about 9 months ago)

Other

Published

Title

Published

2024-02-14

Title

Custom Field Template < 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via $search_label

Published

2023-08-18

Title

WP VR < 8.3.5 - Reflected XSS

Published

2025-01-07

Title

Slides & Presentations <= 0.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-10-11

Title

WPSchoolPress < 2.1.17 - Multiple Admin+ Stored Cross-Site Scripting

Published

2024-09-25

Title

Mapplic Lite <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload