CVE Vulnerabilities

CVE-2014-5203

Published: Aug 18, 2014 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.

Affected Software

Name Vendor Start Version End Version
Wordpress Wordpress 3.9.0 (including) 3.9.0 (including)
Wordpress Wordpress 3.9.1 (including) 3.9.1 (including)
Wordpress Ubuntu lucid *
Wordpress Ubuntu precise *
Wordpress Ubuntu upstream *

References