Description
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
Remediation
References