CVE-2014-9396

Name of the Vulnerable Software and Affected Versions SimpleFlickr plugin versions 3.0.3 and earlier

Description The issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via the simpleflickr width, simpleflickr bgcolor, or simpleflickr xmldatapath parameter in the "simpleFlickr.php" page to "wp-admin/options-general.php".

Recommendations For SimpleFlickr plugin versions 3.0.3 and earlier, consider disabling the simpleFlickr.php page or restricting access to the wp-admin/options-general.php page until a patch is available. Avoid using the simpleflickr width, simpleflickr bgcolor, or simpleflickr xmldatapath parameters in the simpleFlickr.php page until the issue is resolved.