CVE-2013-4338
wordpress - several
EPSS 9.6%
Description
wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations.
How to fix CVE-2013-4338
To remediate CVE-2013-4338, upgrade the affected package to one of the fixed versions listed below.
- Debian/wordpress: upgrade to 3.6.1+dfsg-1 or later
- Debian/wordpress: upgrade to 3.6.1+dfsg-1~deb6u1 or later
Is CVE-2013-4338 being exploited?
Moderate — EPSS is 9.6%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- Debian/wordpress: from 0, < 3.6.1+dfsg-1
- Debian/wordpress: from 0, < 3.6.1+dfsg-1~deb6u1