5 matches found
CVE-2025-12672
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-12672 Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-12672 Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-12672
The Flickr Show plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the flickrshow shortcode div_height parameter, impacting all versions up to 1.5. Exploitation requires authenticated access at Contributor level or higher, enabling the attacker to inject scri...
PT-2025-46293
Name of the Vulnerable Software and Affected Versions Flickr Show plugin for WordPress versions prior to 1.6 Description The software is susceptible to Stored Cross-Site Scripting through the div height parameter of the 'flickrshow' shortcode. Insufficient input sanitization and output escaping...