PT-2025-42675 · WordPress · Flickr Gallery

Published 2025-10-18 · Updated 2026-01-05 · CVE-2017-20207

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Flickr Gallery plugin for WordPress versions up to and including 1.5.2

Description

The software is susceptible to PHP Object Injection due to deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Reports indicate active exploitation of this issue, with attackers utilizing the WP_Theme() class to establish backdoors.

Recommendations

Update the Flickr Gallery plugin to a version later than 1.5.2.
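
For sites that cannot be updated immediately, the following detection sketch flags requests whose pager parameter carries a serialized PHP object token. It is an added example, not code from the advisory or the plugin. It assumes the value arrives as raw serialize() output in the query string or a URL-encoded body; the function names, paths and sample values are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# PHP serialize() marks an object as O:<len>:"Class":<count>:{...} and a
# custom-serialized object as C:<len>:"Class":<len>:{...}. Scalars and arrays
# (i:, s:, b:, a:) never start with O or C, so the token separates the two.
PHP_OBJECT_TOKEN = re.compile(
    r'(?:^|[;{])[OC]:\+?\d+:"([A-Za-z_\\][\w\\]*)":\d+:', re.ASCII
)

WATCHED_PARAM = "pager"  # parameter named in the advisory


def object_classes_in_pager(params):
    """Return class names of serialized PHP objects found in 'pager' values."""
    classes = []
    for name, value in params:
        if name == WATCHED_PARAM:
            classes.extend(PHP_OBJECT_TOKEN.findall(value))
    return classes


def scan_request(target, body=""):
    """Inspect the query string and a URL-encoded body of one request.

    An empty list means no object token was seen. A value that is encoded
    (for example base64) before deserialization is an assumption this
    function does not cover; decode it first.
    """
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)
    return object_classes_in_pager(params)


# Constructed sample requests (target, body); not taken from real traffic.
SAMPLES = [
    ("/gallery/?pager=a%3A1%3A%7Bs%3A4%3A%22page%22%3Bi%3A2%3B%7D", ""),
    ("/gallery/?pager=O%3A12%3A%22ExampleClass%22%3A0%3A%7B%7D", ""),
    ("/gallery/", "pager=a%3A1%3A%7Bi%3A0%3BO%3A12%3A%22ExampleClass%22%3A0%3A%7B%7D%7D"),
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        hits = scan_request(target, body)
        print("ALERT" if hits else "ok   ", target, hits)
```

A hit on any class name is worth an alert, since a paging parameter has no legitimate reason to carry an object.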

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2017-20207

Affected Products

Flickr Gallery