Description
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.
Remediation
References
Related Vulnerabilities
WordPress Plugin YITH WooCommerce Gift Cards Unspecified Vulnerability (2.14.0)
WordPress Plugin YITH WooCommerce Zoom Magnifier Cross-Site Scripting (1.2.6)
WordPress Plugin Broken Link Checker Multiple Cross-Site Scripting Vulnerabilities (1.9.1)
Oracle Database Server CVE-2019-2753 Vulnerability (CVE-2019-2753)