Wednesday, 2 April 2025

WordPress strengthens security with latest update

Learn how the latest WordPress update, version 6.4.2, tackles a critical security vulnerability to provide better website protection.

WordPress has released version 6.4.2 to address a critical vulnerability. If exploited, the flaw could allow attackers to execute PHP code on the site, potentially leading to complete control over the affected websites.

The issue traces back to a feature in WordPress 6.4 that was developed to improve HTML parsing within the block editor. The vulnerability is unique to versions 6.4 and 6.4.1; earlier versions are unaffected.

An official statement from WordPress highlights the gravity of the situation:

“A Remote Code Execution vulnerability that is not directly exploitable in core, however the security team feels that there is a potential for high severity when combined with some plugins, especially in multisite installs.”

Further insights from Wordfence, a renowned security firm, shed light on the potential risks:

“Since an attacker able to exploit an Object Injection vulnerability would have full control over the on_destroy and bookmark_name properties, they can use this to execute arbitrary code on the site to gain full control easily.

While WordPress Core currently does not have any known object injection vulnerabilities, they are rampant in other plugins and themes. The presence of an easy-to-exploit POP chain in WordPress core substantially increases the danger level of any Object Injection vulnerability.”

Importance of timely updates for enhanced protection

Despite Object Injection vulnerabilities being challenging to exploit, Wordfence emphasises the importance of updating WordPress to the latest version. WordPress itself underscores the urgency of these updates for improved site protection.

For more detailed information, refer to the official WordPress announcement: WordPress 6.4.2 Maintenance & Security Release.

Additionally, the Wordfence advisory provides further details: PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2.
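For administrators who look after many sites, the affected range above (6.4 and 6.4.1, fixed in 6.4.2) can be checked across a hosting directory. The script below is an added example, not code from WordPress or Wordfence. It assumes each install keeps its release string in `wp-includes/version.php` as `$wp_version`, and the site names and sample tree are constructed.

```python
import re
import tempfile
from pathlib import Path

# Releases the article names as affected; 6.4.2 carries the fix.
AFFECTED = {(6, 4, 0), (6, 4, 1)}
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def parse_wp_version(text):
    """Return (major, minor, patch) for a plain release string, else None."""
    m = VERSION_RE.search(text)
    if not m or not re.fullmatch(r"\d+\.\d+(\.\d+)?", m.group(1)):
        return None  # missing, or a pre-release/nightly build: review by hand
    nums = [int(p) for p in m.group(1).split(".")]
    return tuple(nums + [0] * (3 - len(nums)))  # "6.4" -> (6, 4, 0)

def classify(version):
    if version is None:
        return "unknown"
    return "affected" if version in AFFECTED else "not-affected"

def audit(root):
    """Map each install directory under root to (version, status)."""
    results = {}
    for vf in sorted(Path(root).rglob("wp-includes/version.php")):
        version = parse_wp_version(vf.read_text(errors="replace"))
        site = str(vf.parent.parent.relative_to(root))
        results[site] = (version, classify(version))
    return results

def demo():
    """Run the audit over a constructed tree of sample installs."""
    samples = {"blog": "6.4", "shop": "6.4.1", "docs": "6.4.2",
               "legacy": "6.3.2", "staging": "6.5-alpha-57000"}
    with tempfile.TemporaryDirectory() as root:
        for site, ver in samples.items():
            inc = Path(root, site, "wp-includes")
            inc.mkdir(parents=True)
            inc.joinpath("version.php").write_text(
                f"<?php\n$wp_version = '{ver}';\n")
        return audit(root)

if __name__ == "__main__":
    for site, (version, status) in demo().items():
        print(f"{site:10} {version} {status}")
```

Installs reported as "unknown" carry a version string the script does not recognise as a plain release and need a manual check.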
