We have reported this issue to the vendor and they have confirmed that a fix is already in the works. In the meantime, you can protect your site by ensuring that users with low privilege levels do not have the ability to add external scripts.
The Flickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disabled. In addition to the issues we have previously reported, through 2.8.1 the Flickr Flickr WordPress plugin is also vulnerable to an XSS injection attack when a user is logged into the site with a low privilege level and the unfiltered_html capability is disabled.
Flickr WordPress plugin through 2.7.1 and earlier
Adobe Audition CS6 plugin
Timeline
Published on: 09/19/2022 14:15:00 UTC
Last modified on: 09/21/2022 14:58:00 UTC