[Plugin: Quick Flickr Widget] Beware this plugin: Serious security flaws (2 posts)

  1. michaeltyson
    Posted 6 years ago #

    A warning to any prospective users of the "Quick Flickr Widget": It uses a very dangerous feature of the Flickr API which executes arbitrary PHP code that comes from Flickr. In the event of any one of a number of circumstances such as Flickr becoming compromised or a man-in-the-middle attack, use of this plugin will result in arbitrary code being executed on your site.

    Potential attacks could include deletion of all data on your site, the transmission of passwords and other sensitive data to an attacker, or the insertion of malware into your site.

    Use at your own risk.


  2. Thanks for noting Michael, will think of a workaround to minimize security risks.

Topic Closed

This topic has been closed to new replies.
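As an added illustration of the alternative to what the first post warns about (this is not code from the plugin or from Flickr): the remote response is parsed strictly as data and every field is validated before it reaches the page. The function name, the JSON field names, the sample feed and the host allowlist are assumptions made for this example.

```php
<?php
// Added example: treat a remote photo feed as untrusted data, never as code.
// parse_photo_feed(), the field names and the allowlist are hypothetical.

function parse_photo_feed(string $body, int $maxItems = 20): array
{
    // json_decode() only builds arrays and scalars. Unlike eval() or
    // unserialize(), it cannot run code or instantiate sender-chosen objects.
    $data = json_decode($body, true, 16);
    if (!is_array($data) || !isset($data['items']) || !is_array($data['items'])) {
        return []; // malformed or unexpected response: show nothing
    }

    $photos = [];
    foreach (array_slice($data['items'], 0, $maxItems) as $item) {
        if (!is_array($item)) {
            continue;
        }
        $title = $item['title'] ?? '';
        $src   = $item['media']['m'] ?? '';
        if (!is_string($title) || !is_string($src)) {
            continue;
        }

        // Accept only HTTPS image URLs on the expected image host (assumed allowlist).
        $parts = parse_url($src);
        if (!is_array($parts)
            || ($parts['scheme'] ?? '') !== 'https'
            || !preg_match('/(^|\.)staticflickr\.com$/', strtolower($parts['host'] ?? ''))) {
            continue;
        }

        // Escape for HTML output so a hostile title cannot inject markup.
        $photos[] = [
            'title' => htmlspecialchars($title, ENT_QUOTES, 'UTF-8'),
            'src'   => htmlspecialchars($src, ENT_QUOTES, 'UTF-8'),
        ];
    }
    return $photos;
}

// Constructed sample response: one clean item, one with markup in the title,
// one pointing at an unexpected host (dropped by the allowlist).
$sample = '{"items":[
  {"title":"Harbour","media":{"m":"https://live.staticflickr.com/1/a_m.jpg"}},
  {"title":"<script>x</script>","media":{"m":"https://live.staticflickr.com/1/b_m.jpg"}},
  {"title":"Odd","media":{"m":"http://images.example.net/c.jpg"}}]}';

foreach (parse_photo_feed($sample) as $p) {
    printf("<img src=\"%s\" alt=\"%s\">\n", $p['src'], $p['title']);
}
```

Fetching the response over HTTPS with certificate verification enabled addresses the man-in-the-middle case; parsing it as data limits what a compromised upstream can do to the content it is allowed to supply.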