7 Jun 2016

Persistent Cross-Site Scripting (XSS) Vulnerability in Flip Slideshow

The Flip Slideshow plugin has a persistent cross-site scripting (XSS) vulnerability (and possibly other security issues) as of version 2.2.

Due to an issue with code shared among several plugins, which we first found in the Vertical Slideshow plugin, functions intended for Administrator-level users in this plugin are accessible to anyone (even if they are not logged in). One of those is save_flp_settings(), which saves values for the plugin’s settings: