CVE-2022-1113

Name of the Vulnerable Software and Affected Versions The Flower Delivery by Florist One WordPress plugin versions 3.7 and earlier

Description The issue allows high privilege users, such as admin, to perform Stored Cross-Site Scripting attacks when the unfiltered html capability is disallowed, for example in multisite setups. This is due to the plugin not sanitising and escaping some of its settings.

Recommendations For versions 3.7 and earlier, update to a version that properly sanitises and escapes its settings to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting the unfiltered html capability to high privilege users to minimize the risk of exploitation.