WordPress rolled out version 6.4.2 as an “emergency WordPress update” to fix a severe security issue. The platform also asks users to update to the latest version “as soon as possible.”

WordPress is one of the biggest website creation and hosting platforms, powering over 60% of all websites on the internet. Therefore, any security issue due to a bug in the tool can lead to the downfall of half of all websites on the internet.

Recently, after the WordPress 6.4.0 version update was rolled out, the developers found an irregularity in the program.

There appears to be a significant security vulnerability in the latest update that allows hackers to execute PHP code and take complete control of a website.

As the developers explain, this security loophole first appeared in a new WordPress update. The update is meant to improve HTML parsing in the block editor, but the ability to execute PHP code through it can lead to further malicious activity.

This feature was introduced in version 6.4.0. Therefore, only sites running WordPress 6.4.0 or 6.4.1 are at risk. If you are still using an older version, you are not at risk. However, the developers urge all users to update to the latest version.

This is what the WordPress developers have said regarding this issue:

“A Remote Code Execution vulnerability that is not directly exploitable in core, however the security team feels that there is a potential for high severity when combined with some plugins, especially in multisite installs.”

Moreover, this is what Wordfence has to say regarding this vulnerability:

“Since an attacker able to exploit an Object Injection vulnerability would have full control over the on_destroy and bookmark_name properties, they can use this to execute arbitrary code on the site to gain complete control quickly.

While WordPress Core currently has no known object injection vulnerabilities, they are rampant in other plugins and themes. The presence of an easy-to-exploit POP chain in WordPress core substantially increases the danger level of any Object Injection vulnerability.”

Therefore, if you are using WordPress version 6.4.0 and above, we recommend you update WordPress immediately.
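A defender-side check for the affected range stated above, as an added example that is not part of the original article: a POSIX shell audit that reads `wp-includes/version.php` in each install under a directory. The function names and the sample tree are constructed for illustration; it assumes a stock core file layout and that the 6.4.0 release records its version string as `6.4`.

```shell
#!/bin/sh
# Added example: flag WordPress installs on the versions the article
# names as affected (6.4.0 and 6.4.1). Read-only; it changes nothing.

# Print the core version recorded in <install>/wp-includes/version.php.
wp_core_version() {
    sed -n "s/^[[:space:]]*[\$]wp_version[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# Exit 0 if the version is in the affected range.
# Assumption: an x.y.0 release is recorded as "x.y", so "6.4" means 6.4.0.
is_affected() {
    case "$1" in
        6.4|6.4.0|6.4.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify one install: prints "<status> <version> <path>".
audit_install() {
    ver=$(wp_core_version "$1" || true)
    if [ -z "$ver" ]; then
        echo "UNKNOWN - $1"
    elif is_affected "$ver"; then
        echo "AFFECTED $ver $1"
    else
        echo "OK $ver $1"
    fi
}

# Walk a tree (for example a hosting webroot) and audit every install found.
audit_tree() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        audit_install "${f%/wp-includes/version.php}"
    done
}

# Build a constructed sample tree (not real sites) for a dry run.
make_sample_tree() {
    for pair in site-a:6.4 site-b:6.4.1 site-c:6.4.2 site-d:6.3.2; do
        mkdir -p "$1/${pair%%:*}/wp-includes"
        printf "<?php\n\$wp_version = '%s';\n" "${pair#*:}" \
            > "$1/${pair%%:*}/wp-includes/version.php"
    done
}

if [ "$#" -gt 0 ]; then audit_tree "$1"; fi
```

Installs reported as `UNKNOWN` have a missing or unreadable version file and need a manual check.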

Mashum Mollah

Mashum Mollah is the feature writer of SEM and an SEO Analyst at iDream Agency. Over the last 3 years, he has successfully developed and implemented online marketing, SEO, and conversion campaigns for 50+ businesses of all sizes. He is the co-founder of SMM.
