Description

wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.

Remediation

References

CVE-2014-5203

Related Vulnerabilities

Magento Improper Authorization Vulnerability (CVE-2021-28563)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-2613)

WordPress Plugin WP-Stats Multiple Vulnerabilities (2.51)

WordPress Plugin Add Link to Facebook Multiple Cross-Site Scripting Vulnerabilities (1.215)

WordPress Plugin Advanced Post Type Ratings Cross-Site Scripting (1.01)

Severity

High

Classification

CVE-2014-5203

Tags

Missing Update Known Vulnerabilities