Description
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.
Remediation
References
Related Vulnerabilities
WordPress Plugin Duplicate Theme Unspecified Vulnerability (0.1.4)
WordPress Plugin Arigato Autoresponder and Newsletter Cross-Site Scripting (2.3.1)
ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9127)
Ruby on Rails Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-8167)