Cross-site Scripting Vulnerability in Flickr Photostream by NotFound
CVE-2025-31467

7.1HIGH

Key Information:

Vendor: Notfound
Status: Flickr Photostream
Vendor: CVE Published:; 3 April 2025

What is CVE-2025-31467?

The Flickr Photostream plugin by NotFound suffers from a reflected Cross-site Scripting (XSS) vulnerability, allowing attackers to inject malicious scripts into web pages. This can lead to unauthorized data access and can compromise user sessions. The flaw affects versions from the initial release up to 3.1.8, making it essential for users to upgrade their installations to protect against potential exploits.

Affected Version(s)

Flickr Photostream <= 3.1.8

References

https://patchstack.com/database/wordpress/plugin/flickr-p...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 3, 2025
Vulnerability Reserved
Mar 28, 2025

Credit

Nguyen Thi Huyen Trang - Skalucy (Patchstack Alliance)