Description

wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations.

Remediation

References

CVE-2013-4338

Related Vulnerabilities

Django Improper Access Control Vulnerability (CVE-2016-2048)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-27949)

MySQL CVE-2016-5627 Vulnerability (CVE-2016-5627)

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44951)

WordPress Plugin Web Stories Server-Side Request Forgery (1.24.0)

Severity

High

Classification

CVE-2013-4338 CWE-94

Tags

Missing Update Known Vulnerabilities