CVE-2018-6469
The CVE concerns a cross-site scripting (XSS) flaw in WordPress’s flickrRSS plugin, version 5.3.1. The vulnerability lies in flickrRSS.php, exploitable via the flickrRSS_tags parameter submitted to wp-admin/options-general.php. This allows remote attackers to inject arbitrary web script or HTML. ...