diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index b05c0139..f9154631 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -3,6 +3,19 @@
 <vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:noNamespaceSchemaLocation="vuln.xsd">
 
+  <wordpress version="3.6">
+    <vulnerability>
+      <title>PHP Object Injection</title>
+      <references>
+        <url>http://vagosec.org/2013/09/wordpress-php-object-injection/</url>
+        <url>http://www.openwall.com/lists/oss-security/2013/09/12/1</url>
+        <url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4340</url>
+        <cve>2013-4340</cve>
+      </references>
+      <type>UNKNOWN</type>
+    </vulnerability>
+  </wordpress>
+
   <wordpress version="3.5.2">
     <vulnerability>
       <title>SWFUpload Content Spoofing</title>