WordPress < 3.6.1 PHP Object InjectionUpdate WordPress to avoid Remote Code Execution attacks 11 September 2013 After reading a blog post about a “PHP object injection” vulnerability in Joomla, I dug a bit deeper and found Stefan Esser’s slides of the 2010 BlackHat conference, which showed that PHP’s unserialize() function can give rise to vulnerabilities when supplied user-generated content. So b