WordPress rolled out its new 6.4.2 update as an “emergency WordPress update” to fix a severe security issue. The platform also asks users to update to the latest version “as soon as possible.”

WordPress is one of the biggest website creation and hosting platforms, powering over 60% of all websites on the internet. Therefore, any security issue due to a bug in the tool can lead to the downfall of half of all websites on the internet.

Recently, after the WordPress 6.4.0 version update was rolled out, the developers found an irregularity in the program.

There appears to be a significant security vulnerability in the latest update that allows attackers to execute PHP code and take complete control of a website.

As the developers explain, this security loophole first appeared in a new WordPress update. The update is meant to improve HTML parsing in the block editor, but executing PHP code there can lead to further malicious acts.

This feature was introduced in version 6.4.0. Therefore, only users running WordPress 6.4.0 and 6.4.1 are at risk. You are not at risk if you are still using an older version. However, the developers urge all users to update to the latest version.

This is what the WordPress developers have said regarding this issue:

“A Remote Code Execution vulnerability that is not directly exploitable in core, however the security team feels that there is a potential for high severity when combined with some plugins, especially in multisite installs.”

Moreover, this is what Wordfence has to say regarding this vulnerability:

“Since an attacker able to exploit an Object Injection vulnerability would have full control over the on_destroy and bookmark_name properties, they can use this to execute arbitrary code on the site to gain complete control quickly.

While WordPress Core currently has no known object injection vulnerabilities, they are rampant in other plugins and themes. The presence of an easy-to-exploit POP chain in WordPress core substantially increases the danger level of any Object Injection vulnerability.”

Therefore, if you are using WordPress version 6.4.0 and above, we recommend you update WordPress immediately.
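
To find which installs on a server still run the affected releases named above (6.4.0 and 6.4.1), the following added example, which is not part of the original article or WordPress's own tooling, walks a directory tree and reads each core's version. It assumes the standard `wp-includes/version.php` location and `$wp_version` variable, and treats pre-release version strings as "unknown" for manual review.

```python
import os
import re
import sys

# Affected releases as stated in the article: 6.4.0 and 6.4.1 (6.4.2 is the fix).
AFFECTED = {(6, 4, 0), (6, 4, 1)}

# WordPress core stores its version in wp-includes/version.php as $wp_version.
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)


def parse_wp_version(php_source):
    """Return the $wp_version string found in version.php text, or None."""
    match = VERSION_RE.search(php_source)
    return match.group(1) if match else None


def classify(version):
    """Return 'affected', 'not affected' or 'unknown' for a version string."""
    match = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", version or "")
    if not match:
        # Missing value or a pre-release/nightly string: needs manual review.
        return "unknown"
    # Core writes x.y.0 releases as "x.y", so "6.4" means 6.4.0.
    triple = (int(match.group(1)), int(match.group(2)), int(match.group(3) or 0))
    return "affected" if triple in AFFECTED else "not affected"


def scan(root):
    """Return sorted (install_dir, version, status) for each core under root."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in filenames:
            path = os.path.join(dirpath, "version.php")
            with open(path, encoding="utf-8", errors="replace") as handle:
                version = parse_wp_version(handle.read())
            found.append((os.path.dirname(dirpath), version, classify(version)))
    return sorted(found)


if __name__ == "__main__":
    # Usage: python wp_audit.py /var/www   (the root path is an example)
    for install, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:13} {version or '?':12} {install}")
```

Multisite hosts and servers with many plugins are where the quoted advisories place the highest risk, so those installs are the ones to patch first when the scan reports "affected".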

Debamalya Mukherjee
