{"containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-05-02T09:23:24.554Z"}, "title": "Flower Delivery by Florist One <= 3.7 - Admin+ Stored Cross-Site Scripting", "problemTypes": [{"descriptions": [{"description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Flower Delivery by Florist One", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThanOrEqual": "3.7"}], "defaultStatus": "affected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setups)"}], "references": [{"url": "https://wpscan.com/vulnerability/ea438e84-f842-4cb9-b6c0-550cd8187701", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "fuzzyap1", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-1113", "datePublished": "2022-06-27T08:56:22", "dateReserved": "2022-03-28T00:00:00", "dateUpdated": "2023-05-02T09:23:24.554Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:floristone:flower_delivery:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8B859F99-FD00-4125-8DCD-5CE6F97CEF29", "versionEndIncluding": "3.5.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setups)"}, {"lang": "es", "value": "El plugin Flower Delivery by Florist One de WordPress versiones hasta 3.5.10 no sanea y escapa de algunos de sus ajustes, lo que podr\u00eda permitir a usuarios con altos privilegios, como los administradores, llevar a cabo ataques de tipo Cross-Site Scripting cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en configuraciones multisitio)"}], "id": "CVE-2022-1113", "lastModified": "2023-11-07T03:41:45.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-27T09:15:08.877", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/ea438e84-f842-4cb9-b6c0-550cd8187701"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified"}

{}