diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index 03c6126..843d988 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -321,14 +321,22 @@ function get_weekstartend( $mysqlstring, $start_of_week = '' ) {
  * Unserialize value only if it was serialized.
  *
  * @since 2.0.0
+ * @since 4.9.0 Added the `$options` parameter.
  *
  * @param string $original Maybe unserialized original, if is needed.
+ * @param array  $options  Optional. Array of options to pass to unserialize if the PHP version is greater than 7.0.
  * @return mixed Unserialized data can be any type.
  */
-function maybe_unserialize( $original ) {
-	if ( is_serialized( $original ) ) // don't attempt to unserialize data that wasn't serialized going in
-		return @unserialize( $original );
-	return $original;
+function maybe_unserialize( $original, $options = array() ) {
+	// don't attempt to unserialize data that wasn't serialized going in.
+	if ( ! is_serialized( $original ) ) {
+		return $original;
+	}
+
+	if ( defined( 'PHP_MAJOR_VERSION' ) && PHP_MAJOR_VERSION >= 7 ) {
+		return @unserialize( $original, $options );
+	}
+	return @unserialize( $original );
 }
 
 /**
diff --git a/tests/phpunit/data/classes/class-foo.php b/tests/phpunit/data/classes/class-foo.php
new file mode 100644
index 0000000..555363f
--- /dev/null
+++ b/tests/phpunit/data/classes/class-foo.php
@@ -0,0 +1,16 @@
+<?php
+/**
+ * Class types to run tests against.
+ *
+ * This is for instance to test unserialization results against.
+ *
+ * @package WordPress
+ */
+
+require_once( dirname( __FILE__ ) . '/class-foobase.php' );
+require_once( dirname( __FILE__ ) . '/class-foointerface.php' );
+
+/**
+ * Foo class.
+ */
+class Foo extends FooBase implements FooInterface { }
diff --git a/tests/phpunit/data/classes/class-foobase.php b/tests/phpunit/data/classes/class-foobase.php
new file mode 100644
index 0000000..75c0ffc
--- /dev/null
+++ b/tests/phpunit/data/classes/class-foobase.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Foo base class.
+ *
+ * This is for instance to test unserialization results against.
+ *
+ * @package WordPress
+ */
+
+/**
+ * Foo class.
+ */
+class FooBase { }
diff --git a/tests/phpunit/data/classes/class-foointerface.php b/tests/phpunit/data/classes/class-foointerface.php
new file mode 100644
index 0000000..36101b5
--- /dev/null
+++ b/tests/phpunit/data/classes/class-foointerface.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Foo interface class.
+ *
+ * This is for instance to test unserialization results against.
+ *
+ * @package WordPress
+ */
+
+/**
+ * Foo class.
+ */
+interface FooInterface { }
diff --git a/tests/phpunit/tests/functions/class-tests-functions-maybeunserialize.php b/tests/phpunit/tests/functions/class-tests-functions-maybeunserialize.php
new file mode 100644
index 0000000..80ba796
--- /dev/null
+++ b/tests/phpunit/tests/functions/class-tests-functions-maybeunserialize.php
@@ -0,0 +1,150 @@
+<?php
+
+require_once( ABSPATH . '../tests/phpunit/data/classes/class-foo.php' );
+
+/**
+ * Test maybe_unserialize.
+ *
+ * @group functions.php
+ */
+class Tests_Functions_MaybeUnserialize extends WP_UnitTestCase {
+
+	/**
+	 * Object list for testing against.
+	 *
+	 * @var array
+	 */
+	var $object_list = array();
+
+	/**
+	 * Array list for testing against.
+	 *
+	 * @var array
+	 */
+	var $array_list = array();
+
+	/**
+	 * Setup for tests.
+	 */
+	function setUp() {
+		parent::setUp();
+		$this->array_list['foo'] = array(
+			'name' => 'foo',
+			'id' => 'f',
+			'field1' => true,
+			'field2' => true,
+			'field3' => true,
+			'field4' => array(
+				'red',
+			),
+		);
+		$this->array_list['bar'] = array(
+			'name' => 'bar',
+			'id' => 'b',
+			'field1' => true,
+			'field2' => true,
+			'field3' => false,
+			'field4' => array(
+				'green',
+			),
+		);
+		foreach ( $this->array_list as $key => $value ) {
+			$this->object_list[ $key ] = (object) $value;
+		}
+	}
+
+	/**
+	 * Test unserialization default functionality.
+	 */
+	public function test_maybe_unserialize() {
+
+		// Unserialization of array.
+		$serialized_array = serialize( $this->array_list );
+		$unseralized_array = maybe_unserialize( $serialized_array );
+		$this->assertEquals( $unseralized_array, $this->array_list );
+
+		// Unserialization of object.
+		$serialized_object = serialize( $this->object_list );
+		$unseralized_object = maybe_unserialize( $serialized_object );
+		$this->assertEquals( $unseralized_object, $this->object_list );
+	}
+
+	/**
+	 * Test unserialization no classes allowed.
+	 *
+	 * @requires PHP 7.0
+	 */
+	public function test_maybe_unserialize_php7_no_classes() {
+		$foo = new Foo();
+		$serialized_foo = serialize( $foo );
+		$unseralized_foo = maybe_unserialize( $serialized_foo, array(
+			'allowed_classes' => false,
+		) );
+		$this->assertEquals( get_class( $unseralized_foo ), '__PHP_Incomplete_Class' );
+	}
+
+	/**
+	 * Test unserialization different classes allowed.
+	 *
+	 * @requires PHP 7.0
+	 */
+	public function test_maybe_unserialize_php7_different_classes() {
+		$foo = new Foo();
+		$serialized_foo = serialize( $foo );
+		$unseralized_foo = maybe_unserialize( $serialized_foo, array(
+			'allowed_classes' => array(
+				'bar',
+			),
+		) );
+		$this->assertEquals( get_class( $unseralized_foo ), '__PHP_Incomplete_Class' );
+	}
+
+	/**
+	 * Test unserialization class this class implements not allowed.
+	 *
+	 * @requires PHP 7.0
+	 */
+	public function test_maybe_unserialize_php7_implement_classes() {
+		$foo = new Foo();
+		$serialized_foo = serialize( $foo );
+		$unseralized_foo = maybe_unserialize( $serialized_foo, array(
+			'allowed_classes' => array(
+				'FooInterface',
+			),
+		) );
+		$this->assertEquals( get_class( $unseralized_foo ), '__PHP_Incomplete_Class' );
+	}
+
+	/**
+	 * Test unserialization class this class extends not allowed.
+	 *
+	 * @requires PHP 7.0
+	 */
+	public function test_maybe_unserialize_php7_extend_classes() {
+		$foo = new Foo();
+		$serialized_foo = serialize( $foo );
+		$unseralized_foo = maybe_unserialize( $serialized_foo, array(
+			'allowed_classes' => array(
+				'FooBase',
+			),
+		) );
+		$this->assertEquals( get_class( $unseralized_foo ), '__PHP_Incomplete_Class' );
+	}
+
+	/**
+	 * Test unserialization with classes allowed.
+	 *
+	 * @requires PHP 7.0
+	 */
+	public function test_maybe_unserialize_php7_allowed_classes() {
+		$foo = new Foo();
+		$serialized_foo = serialize( $foo );
+		$unseralized_foo = maybe_unserialize( $serialized_foo, array(
+			'allowed_classes' => array(
+				'Foo',
+			),
+		) );
+		$this->assertEquals( get_class( $unseralized_foo ), 'Foo' );
+	}
+
+}