CVE-2017-20206P1CRITICALCVSS 9.8Exploited≤ 2.2.1·fixed in 2.2.22025-10-18
CVE-2017-20206 [CRITICAL] CWE-502 CVE-2017-20206: The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and i
The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the `wpmudev_appointments` cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerability with the WP_Theme() class to create ba
nvd