Description
WordPress Plugin Flamingo is prone to a vulnerability that lets remote attackers inject and execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary code within the context of the affected webserver process; this may result in total compromise of the web server. WordPress Plugin Flamingo version 1.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.1.1 or latest
References
Related Vulnerabilities
WordPress 5.9.x Multiple Vulnerabilities (5.9 - 5.9.4)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0825)
WordPress Plugin YITH WooCommerce Product Add-Ons Security Bypass (1.5.21)
Drupal Core 8.9.x Multiple Cross-Site Scripting Vulnerabilities (8.9.0 - 8.9.5)
WordPress Plugin WP Login Security and History Cross-Site Request Forgery (1.0)