Description
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.
Remediation
References
Related Vulnerabilities
WordPress Plugin bbPress Move Topics PHP Object Injection (1.1.4)
WordPress Plugin WP Dev Powers:ACF Color Coded Field Types Security Bypass (1.0)
WordPress Plugin Easy Accept Payments for PayPal Cross-Site Scripting (4.9.9)
WordPress Plugin PI Button includes Backdoor [Only if downloaded via the vendor website] (3.3.3)