Thursday, 24 April 2025
28.5 C
Singapore
33.3 C
Thailand
20.7 C
Indonesia
29.4 C
Philippines

WordPress strengthens security with latest update

Learn how the latest WordPress update, version 6.4.2, tackles a critical security vulnerability to provide better website protection.

WordPress released version 6.4.2, specifically addressing a critical vulnerability in a proactive step to enhance digital security. This flaw, if exploited, could allow attackers to execute PHP code on the site, potentially leading to complete control over the affected websites.

The root of this issue traces back to a feature in WordPress 6.4, which was developed to improve HTML parsing within the block editor. Notably, this vulnerability is unique to versions 6.4 and 6.4.1, leaving earlier versions unaffected.

An official statement from WordPress highlights the gravity of the situation:

“A Remote Code Execution vulnerability that is not directly exploitable in core, however the security team feels that there is a potential for high severity when combined with some plugins, especially in multisite installs.”

Further insights from Wordfence, a renowned security firm, shed light on the potential risks:

“Since an attacker able to exploit an Object Injection vulnerability would have full control over the on_destroy and bookmark_name properties, they can use this to execute arbitrary code on the site to gain full control easily.

While WordPress Core currently does not have any known object injection vulnerabilities, they are rampant in other plugins and themes. The presence of an easy-to-exploit POP chain in WordPress core substantially increases the danger level of any Object Injection vulnerability.”

Importance of timely updates for enhanced protection

Despite Object Injection vulnerabilities being challenging to exploit, Wordfence emphasises the importance of updating WordPress to the latest version. WordPress itself underscores the urgency of these updates for improved site protection.

For more detailed information, refer to the official WordPress announcement: WordPress 6.4.2 Maintenance & Security Release.

Additionally, the Wordfence advisory provides further details: PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2.

Hot this week

ChatGPT trend raises privacy concerns with photo-based location searches

People use ChatGPT to identify photo locations, raising privacy concerns as new AI tools make “reverse location search” easier than ever.

Qualcomm unveils new Snapdragon 8s Gen 4 with high-end features for less

Qualcomm quietly unveils the Snapdragon 8s Gen 4 with high-end features and strong performance for next-gen smartphones at a lower price.

OpenAI’s latest reasoning AI models are more prone to making mistakes

OpenAI’s new o3 and o4-mini AI models perform better in some areas but hallucinate more often than their predecessors, raising concerns.

POCO launches entry-level C71 smartphone in Singapore with premium features

POCO launches the budget-friendly C71 smartphone in Singapore, offering premium design, enhanced cameras, and smooth performance at S$109.

Preorders for the Nintendo Switch 2 officially begin on April 24

Preorders for the Nintendo Switch 2 open on April 24. The device's launch date is June 5, and it offers new features, games, and accessories to explore.

WhatsApp adds new Advanced Chat Privacy feature to boost group chat security

WhatsApp's new Advanced Chat Privacy feature helps stop group chat content from being shared or saved outside the app.

Global PC shipments rise 6.7% in early 2025 as AI and tariffs drive demand

PC shipments rose 6.7% in Q1 2025, boosted by AI demand and tariff concerns, but growth is expected to slow later in the year.

POCO launches entry-level C71 smartphone in Singapore with premium features

POCO launches the budget-friendly C71 smartphone in Singapore, offering premium design, enhanced cameras, and smooth performance at S$109.

NVIDIA uses AI to address climate, wildlife and disaster risks

NVIDIA’s AI tools support climate action, wildlife monitoring, and disaster risk mitigation, with uses spanning sea, land, sky and space.

Related Articles

Popular Categories