Description
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.
Remediation
References
Related Vulnerabilities
WordPress Plugin YITH WooCommerce Bulk Product Editing Security Bypass (1.2.13)
WordPress Plugin NAB Transact Security Bypass (2.1.0)
Oracle Application Server Other Vulnerability (CVE-2002-1858)
WebLogic CVE-2020-14687 Vulnerability (CVE-2020-14687)
WordPress Plugin Request a Quote Cross-Site Scripting (2.0.0)