Lucene search
K

273 matches found

CNNVD
CNNVD
added 2025/11/18 12:0 a.m.6 views

WordPress plugin Photonic Gallery & Lightbox for Flickr, SmugMug & Others 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...

6.4CVSS5.7AI score0.00166EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/12 3:47 a.m.12 views

CVE-2025-12672

The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS5AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 6:30 a.m.5 views

EUVD-2025-60956

The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS4.7AI score0.00211EPSS
Exploits0References4
NVD
NVD
added 2025/11/11 4:15 a.m.5 views

CVE-2025-12672

The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00211EPSS
Exploits0References3
CVE
CVE
added 2025/11/11 3:30 a.m.22 views

CVE-2025-12672

The Flickr Show plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the flickrshow shortcode div_height parameter, impacting all versions up to 1.5. Exploitation requires authenticated access at Contributor level or higher, enabling the attacker to inject scri...

6.4CVSS4.8AI score0.00211EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.3 views

CVE-2025-12672 Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS4.7AI score0.00211EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.6 views

CVE-2025-12672 Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'divheight' parameter of the 'flickrshow' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00211EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/11 12:48 a.m.6 views

WordPress Flickr Show plugin <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Flickr Show versions = 1.5...

6.4CVSS5.5AI score0.00211EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.6 views

PT-2025-46293

Name of the Vulnerable Software and Affected Versions Flickr Show plugin for WordPress versions prior to 1.6 Description The software is susceptible to Stored Cross-Site Scripting through the div height parameter of the 'flickrshow' shortcode. Insufficient input sanitization and output escaping...

6.4CVSS5.4AI score0.00211EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.6 views

WordPress plugin Flickr Show 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.7AI score0.00211EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/19 3:44 a.m.8 views

CVE-2017-20207

The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerabilit...

9.8CVSS6.9AI score0.0067EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/18 6:30 a.m.6 views

EUVD-2017-18923

The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerabilit...

9.8CVSS6.4AI score0.0067EPSS
Exploits0References4
OSV
OSV
added 2025/10/18 4:15 a.m.8 views

CVE-2017-20207

The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerabilit...

9.8CVSS5.8AI score0.0067EPSS
Exploits0References3
NVD
NVD
added 2025/10/18 4:15 a.m.6 views

CVE-2017-20207

The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerabilit...

9.8CVSS0.0067EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/18 3:33 a.m.5 views

CVE-2017-20207 Flickr Gallery <= 1.5.2 - Unauthenticated PHP Object Injection

The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerabilit...

9.8CVSS6.5AI score0.0067EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/18 3:33 a.m.17 views

CVE-2017-20207 Flickr Gallery <= 1.5.2 - Unauthenticated PHP Object Injection

The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerabilit...

9.8CVSS0.0067EPSS
Exploits0References3
CVE
CVE
added 2025/10/18 3:33 a.m.22 views

CVE-2017-20207

The Flickr Gallery plugin for WordPress is affected by PHP Object Injection in versions up to and including 1.5.2, via deserialization of untrusted input from the pager parameter. Unauthenticated attackers could inject a PHP object, with exploitation linked to the WP_Theme class to create backdoo...

9.8CVSS6.5AI score0.0067EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/18 12:0 a.m.5 views

PT-2025-42675

Name of the Vulnerable Software and Affected Versions Flickr Gallery plugin for WordPress versions up to and including 1.5.2 Description The software is susceptible to PHP Object Injection due to deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to...

9.8CVSS6.8AI score0.0067EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/10/18 12:0 a.m.6 views

WordPress plugin Flickr Gallery 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

9.8CVSS7.3AI score0.0067EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-0998

Malware in sbrugna...

6.1CVSS4.7AI score0.00536EPSS
Exploits0References4
Rows per page
Query Builder