CVE-2014-9396

The CVE-2014-9396 entry concerns WordPress SimpleFlickr plugin versions up to 3.0.3 (and earlier). The vulnerability is a CSRF that can hijack administrator authentication to perform requests that trigger cross‑site scripting via three parameters in simpleFlickr.php (simpleflickr_width, simplefli...