Description
WordPress is prone to multiple vulnerabilities, including remote code execution, security bypass and open redirect vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary code with the privileges of the user running the application, to compromise the application or the underlying database, to access or modify data, to compromise a vulnerable system, to perform otherwise restricted actions and subsequently create posts "written by" another user or to redirect users to arbitrary web sites and conduct phishing attacks. WordPress versions prior to 3.6.1 are vulnerable.
Remediation
Update to WordPress version 3.6.1 or latest
References
https://vagosec.org/2013/09/wordpress-php-object-injection/
https://vagosec.org/2013/12/wordpress-rce-exploit/
Related Vulnerabilities
WordPress Plugin PayPal Digital Downloads Cross-Site Request Forgery (1.4)
WordPress Plugin WP Last Modified Info Cross-Site Scripting (1.6.5)
Oracle JRE CVE-2020-2757 Vulnerability (CVE-2020-2757)
Envoy Proxy Improper Handling of Exceptional Conditions Vulnerability (CVE-2024-23325)
WordPress Plugin WPS Hide Login Multiple Security Bypass Vulnerabilities (1.5.2.2)