CVE-2017-20207P1CRITICALCVSS 9.8Exploitedfixed in 1.5.32025-10-18
CVE-2017-20207 [CRITICAL] CWE-502 CVE-2017-20207: The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and
The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the `pager ` parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerability with the WP_Theme() class to create backdoors.
nvd