9 matches found
CVE-2025-12672
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
EUVD-2025-60956
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-12672
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-12672 Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-12672 Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-12672
The Flickr Show plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the flickrshow shortcode div_height parameter, impacting all versions up to 1.5. Exploitation requires authenticated access at Contributor level or higher, enabling the attacker to inject scri...
WordPress Flickr Show plugin <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Flickr Show versions = 1.5...
PT-2025-46293
Name of the Vulnerable Software and Affected Versions Flickr Show plugin for WordPress versions prior to 1.6 Description The software is susceptible to Stored Cross-Site Scripting through the div height parameter of the 'flickrshow' shortcode. Insufficient input sanitization and output escaping...
WordPress plugin Flickr Show 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...