Insecure Deserialization
A vulnerability where untrusted data is used to instantiate objects, potentially leading to remote code execution.
In WordPress
Never call PHP's unserialize() on user input. Use json_decode() instead, or pass the allowed_classes option to unserialize().
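The advice above as an added PHP example (not code from WordPress or WP HealthKit): the unsafe call beside a JSON-based replacement and a restricted unserialize() for legacy data. The function names and the "prefs" fields are hypothetical, and PHP 7.3 or later is assumed for JSON_THROW_ON_ERROR.

```php
<?php
// Added example. Function names and the "prefs" fields are hypothetical.

// Unsafe pattern: the sender chooses which classes are instantiated, and
// their magic methods (__wakeup, __destruct) run on attacker-set properties.
function prefs_unsafe(string $raw) {
    return unserialize($raw);
}

// Preferred: JSON decodes only to scalars and arrays, never to plugin classes.
function prefs_from_json(string $raw): array {
    $data = json_decode($raw, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new InvalidArgumentException('prefs must decode to an array');
    }
    // Keep only expected keys with expected types.
    $schema = ['theme' => 'is_string', 'per_page' => 'is_int'];
    $clean = [];
    foreach ($schema as $key => $check) {
        if (array_key_exists($key, $data) && $check($data[$key])) {
            $clean[$key] = $data[$key];
        }
    }
    return $clean;
}

function contains_object($value): bool {
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    foreach (is_array($value) ? $value : [] as $item) {
        if (contains_object($item)) { return true; }
    }
    return false;
}

// Legacy serialized data: allowed_classes => false stops class instantiation;
// any object in the input becomes an inert __PHP_Incomplete_Class, rejected here.
function prefs_from_legacy(string $raw): array {
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data) || contains_object($data)) {
        throw new InvalidArgumentException('expected a serialized array of scalars');
    }
    return $data;
}

// Constructed sample inputs.
var_dump(prefs_from_json('{"theme":"dark","per_page":20,"debug":true}'));
var_dump(prefs_from_legacy(serialize(['theme' => 'dark'])));
try { prefs_from_legacy(serialize([new ArrayObject()])); } catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
```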