Description

wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.

Remediation

References

CVE-2014-5203

Related Vulnerabilities

Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2022-42129)

Nginx Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-16845)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5739)

MySQL CVE-2017-3467 Vulnerability (CVE-2017-3467)

concrete5 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-8082)

Severity

High

Classification

CVE-2014-5203

Tags

Missing Update Known Vulnerabilities