A warning to any prospective users of the “Quick Flickr Widget”: It uses a very dangerous feature of the Flickr API which executes arbitrary PHP code that comes from Flickr. In the event of any one of a number of circumstances such as Flickr becoming compromised or a man-in-the-middle attack, use of this plugin will result in arbitrary code being executed on your site.
Potential attacks could include deletion of all data on your site, the transmission of passwords and other sensitive data to an attacker, or the insertion of malware into your site.
Use at your own risk.
- The topic ‘[Plugin: Quick Flickr Widget] Beware this plugin: Serious security flaws’ is closed to new replies.
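
The risk described in the post comes from treating a remote API response as code. As an added example (not code from the plugin or from Flickr), the sketch below requests nothing executable: it parses the body strictly as JSON, validates each URL, and escapes everything it prints. The field names, host allowlist and sample bodies are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);
// Requires PHP 8.0+. Unsafe pattern the post warns about (constructed here,
// not taken from the plugin):   eval($remoteBody);
// Whoever controls the response then controls what runs on the site.
// Safer pattern: a data-only format, parsed as data, validated, escaped.

const ALLOWED_HOSTS = ['flickr.com', 'staticflickr.com']; // assumed allowlist

function is_allowed_url(mixed $url): bool
{
    if (!is_string($url)) return false;
    $parts = parse_url($url);
    if (!is_array($parts) || ($parts['scheme'] ?? '') !== 'https') return false;
    $host = strtolower($parts['host'] ?? '');
    foreach (ALLOWED_HOSTS as $suffix) {
        if ($host === $suffix || str_ends_with($host, '.' . $suffix)) return true;
    }
    return false;
}

function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_feed(string $body, int $max = 5): string
{
    try {
        $data = json_decode($body, true, 16, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return ''; // not JSON (for example PHP source): rejected, never run
    }
    if (!is_array($data) || !is_array($data['items'] ?? null)) return '';
    $html = '';
    foreach (array_slice($data['items'], 0, $max) as $item) {
        if (!is_array($item)) continue;
        $link  = $item['link'] ?? null;          // assumed field names
        $src   = $item['media']['m'] ?? null;
        $title = is_string($item['title'] ?? null) ? $item['title'] : '';
        if (!is_allowed_url($link) || !is_allowed_url($src)) continue;
        $html .= sprintf("<a href=\"%s\"><img src=\"%s\" alt=\"%s\"></a>\n",
            esc($link), esc($src), esc($title));
    }
    return $html;
}

// Constructed sample: one valid item, one item with a hostile link scheme.
$sample = json_encode(['items' => [
    ['title' => 'Pier <b>at</b> dusk', 'link' => 'https://www.flickr.com/photos/example/1/', 'media' => ['m' => 'https://live.staticflickr.com/1/1_m.jpg']],
    ['title' => 'x', 'link' => 'javascript:alert(1)', 'media' => ['m' => 'https://live.staticflickr.com/1/2_m.jpg']],
]]);
echo render_feed($sample);                         // only the first item is emitted
var_dump(render_feed('<?php $feed = array();'));   // non-JSON body yields ''
```

Fetching the feed over HTTPS with certificate verification enabled addresses the man-in-the-middle case; the validation and escaping above still matter if the upstream service itself is compromised.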