Описание
The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerability with the WP_Theme() class to create backdoors.
Ссылки
- Patch
- Press/Media CoverageThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.2 (включая)
cpe:2.3:a:dancoulter:flickr_gallery:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 43%
0.0021
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-502
Связанные уязвимости
CVSS3: 9.8
github
4 месяца назад
The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the `pager ` parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerability with the WP_Theme() class to create backdoors.
EPSS
Процентиль: 43%
0.0021
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-502