CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-20207

The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the `pager ` parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerability with the WP_Theme() class to create backdoors.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.3%

CVSS Severity

CVSS v3 Score 9.8

References

https://plugins.trac.wordpress.org/changeset/1737576/flickr-gallery
https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild/
https://www.wordfence.com/threat-intel/vulnerabilities/id/b52ae51d-7b9a-4047-82bf-723ea87d2375?source=cve

Products affected by CVE-2017-20207

Dancoulter » Flickr Gallery » Version: Any

cpe:2.3:a:dancoulter:flickr_gallery:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-20207

Products

Pricing

Contact Us