WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability

December 8, 2023 at 04:48AM

WordPress version 6.4.2 patches a critical security flaw potentially exploitable with plugins, particularly in multisite setups. The vulnerability stems from the WP_HTML_Token class and can lead to arbitrary PHP code execution when chained with other bugs. Patchstack advises developers to replace ‘unserialize’ function calls to prevent attacks. Takeaways from the …

WordPress fixes POP chain exposing websites to RCE attacks

December 7, 2023 at 03:17PM

WordPress version 6.4.2 fixes a critical RCE vulnerability, exploitable via a flaw in plugins or themes. Although the core issue isn’t critical alone, it can lead to arbitrary PHP code execution when combined with other vulnerabilities, particularly on multisite installations. Users are advised to manually verify their WordPress update. Meeting …