CVE-2014-5203 — Wordpress vulnerability

7 documents5 sources

Severity

7.5HIGHNVD

EPSS

6.9%

top 8.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedAug 18

Latest updateMay 17

Description

wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 3.9.2+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 3.9.2+dfsg-1+3

▶NVDwordpress/wordpress3.9.0, 3.9.1+1

Patches

Patch: wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-2wgg-mrqh-cxvr: wp-includes/class-wp-customize-widgets↗2022-05-17

▶

OSV

CVE-2014-5203: wp-includes/class-wp-customize-widgets↗2014-08-18

▶

📋Vendor Advisories

Debian

CVE-2014-5203: wordpress - wp-includes/class-wp-customize-widgets.php in the widget implementation in WordP...↗2014

▶

💬Community

Bugzilla

CVE-2014-5203 CVE-2014-5204 CVE-2014-5205 CVE-2014-5240 wordpress: multiple vulnerabilities fixed upstream↗2014-08-13

▶

Bugzilla

CVE-2014-5203 CVE-2014-5205 CVE-2014-5204 wordpress: multiple vulnerabilities fixed upstream [epel-all]↗2014-08-13

▶

Bugzilla

CVE-2014-5203 CVE-2014-5205 CVE-2014-5204 wordpress: multiple vulnerabilities fixed upstream [fedora-all]↗2014-08-13

▶