CVE-2018-5284
CVE-2018-5284 affects the WordPress plugin ImageInject, version 1.15. The vulnerability is a stored cross-site scripting (XSS) via the flickr_appid parameter on wp-admin/options-general.php. Root cause is input handling insufficient to neutralize script payloads in this parameter. Documented impa...