Description
wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations.
Remediation
References
Related Vulnerabilities
WordPress Plugin Processing Embed 'pluginurl' Parameter Cross-Site Scripting (0.5)
WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.14)
WordPress Plugin 10Web Map Builder for Google Maps Cross-Site Scripting (1.0.71)
MySQL CVE-2023-22066 Vulnerability (CVE-2023-22066)
WordPress Plugin Loan Comparison Multiple Cross-Site Scripting Vulnerabilities (1.5.2)