Description

wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations.

Remediation

References

CVE-2013-4338

Related Vulnerabilities

Atlassian Confluence Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-29450)

WordPress Plugin iThemes Security (formerly Better WP Security) Multiple Vulnerabilities (3.6.3)

Drupal Other Vulnerability (CVE-2006-2743)

Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3722)

XWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-32068)

Severity

High

Classification

CVE-2013-4338 CWE-94

Tags

Missing Update Known Vulnerabilities