CVE-2018-6468

CVE-2018-6468 describes a cross-site scripting (XSS) vulnerability in the flickrRSS.php file of the WordPress flickrRSS plugin (version 5.3.1). The issue allows remote attackers to inject arbitrary web script or HTML by supplying a crafted flickrRSS_id parameter to wp-admin/options-general.php. T...

CVE-2018-6469

The CVE concerns a cross-site scripting (XSS) flaw in WordPress’s flickrRSS plugin, version 5.3.1. The vulnerability lies in flickrRSS.php, exploitable via the flickrRSS_tags parameter submitted to wp-admin/options-general.php. This allows remote attackers to inject arbitrary web script or HTML. ...

CVE-2018-6467

The CVE-2018-6467 entry concerns the WordPress flickrRSS plugin (version 5.3.1 and earlier) with a Cross-Site Request Forgery (CSRF) vulnerability via wp-admin/options-general.php. Public sources consistently describe the flaw as CSRF in flickrRSS 5.3.1, with no patched version available at the t...

CVE-2018-6466

CVE-2018-6466 describes a cross-site scripting (XSS) vulnerability in the WordPress plugin flickrRSS (version 5.3.1) where an attacker can inject arbitrary script/HTML via the flickrRSS_set parameter to wp-admin/options-general.php. The issue affects the flickrRSS.php file within the flickrRSS pl...