wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x prior to 3.9.2 might allow remote malicious users to execute arbitrary code via crafted serialized data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress 3.9.0 |
||
wordpress wordpress 3.9.1 |