Description

wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.

Remediation

References

CVE-2014-5203

Related Vulnerabilities

WordPress Plugin WooCommerce Cross-Site Scripting (2.0.12)

MySQL CVE-2015-4858 Vulnerability (CVE-2015-4858)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-5539)

WordPress Plugin MediaPress Security Bypass (1.1.9)

Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-12459)

Severity

High

Classification

CVE-2014-5203

Tags

Missing Update Known Vulnerabilities