Description
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
Remediation
References
Related Vulnerabilities
WordPress Plugin SEO Redirection-301 Redirect Manager Cross-Site Request Forgery (7.8)
WordPress Plugin WP Database Backup Cross-Site Request Forgery (5.1.2)
WordPress Plugin Custom Dashboard & Login Page-AGCA Multiple Unspecified Vulnerabilities (1.5.4.2)
WordPress Plugin Crayon Syntax Highlighter Security Bypass (2.6.10)