Description
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing.
Remediation
References