WordPress 3.6 - PHP Object Injection

Affects WordPress

fixed in version 3.6.1

References

CVE 2013-4338
URL http://vagosec.org/2013/09/wordpress-php-object-injection/
URL http://www.openwall.com/lists/oss-security/2013/09/12/1
URL http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340
URL http://core.trac.wordpress.org/changeset/25325

Classification

Type OBJECTINJECTION
OWASP Top 10 A8: Insecure Deserialization
CWE CWE-502

Miscellaneous

Views 4933
Verified No
WPVDB ID 5968

Timeline

Publicly Published 2013-09-11 (almost 6 years ago)
Added 2014-08-01 (about 5 years ago)
Last Updated 2018-08-29 (12 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin