Unrated severityNVD Advisory· Published Oct 18, 2025· Updated Apr 8, 2026
Flickr Gallery <= 1.5.2 - Unauthenticated PHP Object Injection
CVE-2017-20207
Description
The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerability with the WP_Theme() class to create backdoors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.5.2
- Dan Coulter/Flickr Galleryv5Range: 0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.