7.5
CVSSv2

CVE-2014-5203

Published: 18/08/2014 Updated: 28/08/2014
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x prior to 3.9.2 might allow remote malicious users to execute arbitrary code via crafted serialized data.

Affected Products

Vendor Product Versions
WordpressWordpress3.9.0, 3.9.1