Main Vulnerability Database Vulnerabilities #VU41397

#VU41397 Input validation error in WordPress - CVE-2014-5203

Published: August 18, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41397

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-5203

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
WordPress

Software vendor:
WordPress.ORG

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.

Remediation

Install update from vendor's website.

External links

http://openwall.com/lists/oss-security/2014/08/13/3
https://core.trac.wordpress.org/changeset/29389
https://wordpress.org/news/2014/08/wordpress-3-9-2/