VYPR
Unrated severityNVD Advisory· Published Oct 18, 2025· Updated Apr 8, 2026

Flickr Gallery <= 1.5.2 - Unauthenticated PHP Object Injection

CVE-2017-20207

Description

The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerability with the WP_Theme() class to create backdoors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.