CVE-2017-1002016

CRITICAL

WordPress Plugin Flickr-Picture-Backup <0.7 - Unauthenticated RCE

Title source: llm

Description

Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files.

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

http://www.vapidlabs.com/advisory.php?v=190

Not Applicable x_refsource_misc

https://wordpress.org/plugins/flickr-picture-backup/

Scores

CVSS v3 9.8

EPSS 0.1458

EPSS Percentile 94.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (2)

daozhao/flickr-picture-backup unspecified - 0.7

flickr_picture_backup_project/flickr_picture_backup 0.7

Published Sep 14, 2017

Tracked Since Feb 18, 2026