WordPress 3.6.1 Update Fixes PHP Code Execution Vulnerability

A dangerous vulnerability has been discovered in the WordPress web content management system, which is used by approximately 18% of the million most popular sites on the Internet. The flaw could potentially allow PHP code to be executed on the server. It arises because the check for serialized data can be bypassed, which allows a serialized block prepared by the attacker to be placed into the database. When that block is unpacked, the attacker can substitute the parameters of WordPress PHP objects and achieve execution of PHP code.

The danger of the problem is reduced by the need for specific conditions for exploitation. For example, the exploit prototype that was created executes code only through a class from a third-party WordPress plugin. It was not possible to find standard WordPress classes that define methods called after unserialize() is executed. In addition, WordPress developers have found that the problem does not occur in MySQL configurations that ignore the tail of a UTF-8 sequence when detecting an incomplete multibyte Unicode character.

The vulnerability has been fixed in the emergency release of WordPress 3.6.1. WordPress users are advised to install the update immediately. Release 3.6.1 also fixes two more annoying vulnerabilities: an issue that allows a user with author rights to create a publication on behalf of another user, and the ability to redirect the user to another site. We strongly recommend that all WordPress users update to version 3.6.1.
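The article notes that exploitation depends on a class whose methods are called after unserialize() is executed. The PHP sketch below is an added example, not WordPress code and not the 3.6.1 fix: it shows a defensive decode that never instantiates a class, so such methods cannot run. `DemoPluginCache`, `decode_stored_value` and the sample values are hypothetical names constructed for illustration, and the `allowed_classes` option assumes PHP 7.0 or later.

```php
<?php
// Constructed stand-in for a third-party plugin class whose magic method
// runs automatically when an instance is unserialized.
class DemoPluginCache
{
    public $path = 'cache.tmp';
    public static $wakeups = 0;

    public function __wakeup()
    {
        // A real class of this kind would act on its restored properties here.
        self::$wakeups++;
    }
}

// Decode a stored value without instantiating any class.
// Returns [value, ok]; ok is false for malformed data or embedded objects.
function decode_stored_value(string $stored): array
{
    // allowed_classes => false turns every serialized object into
    // __PHP_Incomplete_Class, so __wakeup() and __destruct() never run.
    $value = @unserialize($stored, ['allowed_classes' => false]);
    if ($value === false && $stored !== 'b:0;') {
        return [null, false]; // not valid serialized data
    }
    $clean = true;
    $walk = function ($v) use (&$walk, &$clean) {
        if ($v instanceof __PHP_Incomplete_Class) {
            $clean = false; // an object was embedded in the data
        } elseif (is_array($v)) {
            foreach ($v as $item) {
                $walk($item);
            }
        }
    };
    $walk($value);
    return $clean ? [$value, true] : [null, false];
}

// Constructed sample values, as they might come back from the database.
$settings = serialize(['theme' => 'twentythirteen', 'per_page' => 10]);
$withObject = serialize(['cache' => new DemoPluginCache()]);

[$v1, $ok1] = decode_stored_value($settings);   // plain array: accepted
[$v2, $ok2] = decode_stored_value($withObject); // embedded object: rejected
var_dump($ok1, $v1['per_page'], $ok2, DemoPluginCache::$wakeups);
```

Rejecting any value that contains an object, rather than only neutralising it, keeps data that should be plain settings from carrying class instances at all.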