CVE Vulnerabilities

CVE-2014-5203

Published: Aug 18, 2014 | Modified: Aug 28, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.

Affected Software

Name Vendor Start Version End Version
Wordpress Wordpress 3.9.0 (including) 3.9.0 (including)
Wordpress Wordpress 3.9.1 (including) 3.9.1 (including)
Wordpress Ubuntu lucid *
Wordpress Ubuntu precise *
Wordpress Ubuntu upstream *

References