CVE-2014-5203

CVE-2014-5203

EPSS 3.9%

wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://openwall.com/lists/oss-security/2014/08/13/3 https://core.trac.wordpress.org/changeset/29389 https://wordpress.org/news/2014/08/wordpress-3-9-2/