WordPress Plugin Vulnerabilities

flickrRSS <= 5.3.1 - XSS and CSRF

Description

The flickr-rss WordPress plugin was affected by a XSS and CSRF security vulnerability.

Affects Plugins

Plugin icon
flickr-rss
No known fix

References

CVE
CVE-2018-6466
CVE
CVE-2018-6467
CVE
CVE-2018-6468
CVE
CVE-2018-6469
URL
https://github.com/AntsKnows/CVE/blob/master/wordpress-plugin/CVE-2018-6466

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
b7d38151-d3d3-4219-9759-ede434de8fbb

Timeline

Publicly Published
2018-02-06 (about 8 years ago)
Added
2018-02-07 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2022-03-22
Title
Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting
Published
2024-06-04
Title
Brizy – Page Builder < 2.4.44 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes
Published
2024-09-24
Title
Giveaways and Contests by RafflePress < 1.12.17 - Admin+ Stored XSS
Published
2025-01-14
Title
Catalog Importer, Scraper & Crawler < 5.1.4 - Reflected Cross-Site Scripting
Published
2025-01-16
Title
BizLibrary <= 1.1 - Reflected Cross-Site Scripting