- WordPress version 3.6.1 has fixed a number of security vulnerabilities, including one that could lead to remote code execution on vulnerable installations. Older versions of WordPress perform unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
- Update to WordPress version 3.6.1 or newer.
- WordPress Plugin W3 Total Cache PHP Code Injection (0.9.2.8)
- TinyMCE ajax_create_folder remote code execution vulnerability
- WordPress Plugin Ultimate Member-User Profile & Membership Remote Code Execution (2.0.32)
- WordPress user registration enabled
- Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.4.8)