Description

wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations.

Remediation

References

CVE-2013-4338

Related Vulnerabilities

WordPress Plugin AdVert Cross-Site Scripting (1.0.5)

Play Framework Inadequate Encryption Strength Vulnerability (CVE-2019-17598)

WebLogic CVE-2020-2766 Vulnerability (CVE-2020-2766)

Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-37843)

Ruby Inefficient Regular Expression Complexity Vulnerability (CVE-2023-28756)

Severity

High

Classification

CVE-2013-4338 CWE-94

Tags

Missing Update Known Vulnerabilities