WordPress PHP Object Injection

Description

WordPress version 3.6.1 fixes a number of security vulnerabilities, including one that could lead to remote code execution on vulnerable installations. In limited situations and setups, older versions of WordPress perform unsafe PHP unserialization, which can lead to remote code execution.

Impact
Possible remote code execution.

Recommendation
Update to WordPress version 3.6.1 or newer.

References
WordPress Version 3.6.1
WordPress PHP Object Injection