WordPress Plugin Vulnerabilities

Flickr Gallery <= 1.5.2 - Unauthenticated PHP Object Injection

Description

The flickr-gallery WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability.

Affects Plugins

Plugin icon
flickr-gallery
Fixed in 1.5.3

References

URL
https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild/
URL
https://plugins.trac.wordpress.org/changeset/1737576/flickr-gallery

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
d33841c1-de5f-4329-8009-383ea1176025

Timeline

Publicly Published
2017-10-02 (about 8 years ago)
Added
2017-10-03 (about 8 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-06-24
Title
ThemeMove Core <= 1.4.2 - Authenticated (Subscriber+) PHP Object Injection
Published
2024-11-18
Title
Xpresslane Fast Checkout <= 1.0.0 - Unauthenticated PHP Object Injection
Published
2024-03-29
Title
Essential Addons for Elementor < 5.9.14 - Author+ PHP Object Injection
Published
2026-04-20
Title
Behold < 1.6 - Unauthenticated PHP Object Injection
Published
2025-01-03
Title
ARPrice < 4.2 - Unauthenticated PHP Object Injection