Flickr Press Security & Risk Analysis

wordpress.org/plugins/flickr-press

Use this plugin to display your Flickr photosets on your WordPress site.

10 active installs v1.3.1 PHP + WP 3.1+ Updated Mar 7, 2011
flickrgalleryphoto
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Flickr Press Safe to Use in 2026?

Generally Safe

Score 85/100

Flickr Press has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago
Risk Assessment

The flickr-press v1.3.1 plugin presents a generally positive security posture with no known CVEs or reported vulnerabilities. The static analysis indicates a small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are accessible without authentication. Furthermore, all identified SQL queries utilize prepared statements, which is a strong practice against SQL injection vulnerabilities. However, the analysis does reveal two critical areas of concern. The presence of two instances of the 'unserialize' function is a significant risk, as unsanitized serialized data can lead to remote code execution vulnerabilities. Additionally, a low percentage of proper output escaping (24%) suggests a potential for cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the plugin's output displayed to users. While the plugin benefits from a lack of historical vulnerabilities, these specific code signals warrant careful consideration and remediation.

Key Concerns

  • Dangerous function 'unserialize' used
  • Low percentage of properly escaped output
Vulnerabilities
None known

Flickr Press Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Flickr Press Release Timeline

v1.3.1Current
v1.3
v1.2
v1.1
Code Analysis
Analyzed Apr 16, 2026

Flickr Press Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
8 prepared
Unescaped Output
45
14 escaped
Nonce Checks
1
Capability Checks
0
File Operations
5
External Requests
4
Bundled Libraries
0

Dangerous Functions Found

unserialize$this->parsed_response = $this->clean_text_nodes(unserialize($this->response));phpflickr-3.0/phpFlickr.php:301
unserializereturn unserialize(file_get_contents('http://phpflickr.com/geodata/?format=php&lat=' . $lat . '&lon=phpflickr-3.0/phpFlickr.php:386

SQL Query Safety

100% prepared8 total queries

Output Escaping

24% escaped59 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
settings_page (flickr-admin.php:130)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Flickr Press Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 8
actionadmin_menuflickr-admin.php:12
filterplugin_action_linksflickr-admin.php:13
actionadmin_initflickr-admin.php:15
actionadmin_initflickr-admin.php:20
actionadmin_noticesflickr-admin.php:23
actionadmin_noticesflickr-admin.php:24
actiontemplate_redirectflickr-public.php:15
filterthe_contentflickr-public.php:117
Maintenance & Trust

Flickr Press Maintenance & Trust

Maintenance Signals

WordPress version tested3.1.4
Last updatedMar 7, 2011
PHP min version
Downloads9K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Flickr Press Developer Profile

Anthony

7 plugins · 300 total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Flickr Press

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/flickr-press/css/flickr-press-admin.css/wp-content/plugins/flickr-press/css/flickr-press-public.css/wp-content/plugins/flickr-press/js/flickr-press-admin.js
Script Paths
/wp-content/plugins/flickr-press/js/flickr-press-admin.js
Version Parameters
flickr-press/css/flickr-press-admin.css?ver=flickr-press/css/flickr-press-public.css?ver=flickr-press/js/flickr-press-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
flickr-press-albums
HTML Comments
<!-- FlickrPress Admin Area -->
Data Attributes
data-flickr-press-user-iddata-flickr-press-photoset-iddata-flickr-press-album-iddata-flickr-press-photo-countdata-flickr-press-columnsdata-flickr-press-photo-size
JS Globals
flickr_press_settings
Shortcode Output
[flickr-press
FAQ

Frequently Asked Questions about Flickr Press