Description

wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations.

Remediation

References

CVE-2013-4338

Related Vulnerabilities

Perl Out-of-bounds Write Vulnerability (CVE-2018-6913)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2202)

concrete5 Improper Input Validation Vulnerability (CVE-2017-18195)

WordPress Plugin EditorMonkey Remote File Upload (2.5)

WordPress Plugin WooCommerce-Store Exporter Privilege Escalation (1.8.3)

Severity

High

Classification

CVE-2013-4338 CWE-94

Tags

Missing Update Known Vulnerabilities