Description
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
Remediation
References
Related Vulnerabilities
WordPress Plugin Booking Calendar Local File Inclusion (7.0)
WordPress Plugin WP Statistics SQL Injection (12.6.6.1)
WordPress Plugin WooCommerce Checkout Manager Cross-Site Request Forgery (4.3)
WordPress Plugin Helpful Cross-Site Scripting (4.4.58)
WordPress Plugin Multiple Domain Cross-Site Scripting (1.0.2)