Thursday, 18 September 2025

WordPress strengthens security with latest update

Learn how the latest WordPress update, version 6.4.2, tackles a critical security vulnerability to provide better website protection.

WordPress has released version 6.4.2, which addresses a critical vulnerability. If exploited, the flaw could allow attackers to execute PHP code on the site, potentially leading to complete control over the affected websites.

The root of this issue traces back to a feature in WordPress 6.4, which was developed to improve HTML parsing within the block editor. Notably, this vulnerability is unique to versions 6.4 and 6.4.1, leaving earlier versions unaffected.

An official statement from WordPress highlights the gravity of the situation:

“A Remote Code Execution vulnerability that is not directly exploitable in core, however the security team feels that there is a potential for high severity when combined with some plugins, especially in multisite installs.”

Further insights from Wordfence, a renowned security firm, shed light on the potential risks:

“Since an attacker able to exploit an Object Injection vulnerability would have full control over the on_destroy and bookmark_name properties, they can use this to execute arbitrary code on the site to gain full control easily.

While WordPress Core currently does not have any known object injection vulnerabilities, they are rampant in other plugins and themes. The presence of an easy-to-exploit POP chain in WordPress core substantially increases the danger level of any Object Injection vulnerability.”

Importance of timely updates for enhanced protection

Despite Object Injection vulnerabilities being challenging to exploit, Wordfence emphasises the importance of updating WordPress to the latest version. WordPress itself underscores the urgency of these updates for improved site protection.
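
The following is an added example, not code from the article, WordPress or Wordfence: a Python audit that walks a directory tree, reads each install's `wp-includes/version.php`, and flags the releases the article names as affected (6.4 and 6.4.1), noting multisite installs, which the WordPress statement singles out. The function names, the constructed sample tree and the assumption that `wp-config.php` sits in the install root are illustrative.

```python
import re
import sys
import tempfile
from pathlib import Path

# Affected releases as stated in the article; 6.4.2 carries the fix.
AFFECTED = {"6.4", "6.4.1"}
VERSION_RE = re.compile(r"^\s*\$wp_version\s*=\s*['\"]([^'\"]+)['\"]\s*;", re.M)
# Anchored at line start so a commented-out define() is not counted.
MULTISITE_RE = re.compile(
    r"^\s*define\(\s*['\"]MULTISITE['\"]\s*,\s*(?i:true)\s*\)\s*;", re.M)

def parse_wp_version(php_source):
    """Return the $wp_version string from version.php source, or None."""
    m = VERSION_RE.search(php_source)
    return m.group(1) if m else None

def audit(root):
    """Find WordPress installs under root and classify each by version."""
    findings = []
    for vfile in sorted(Path(root).glob("**/wp-includes/version.php")):
        site = vfile.parent.parent
        version = parse_wp_version(vfile.read_text(errors="replace"))
        config = site / "wp-config.php"  # assumption: config is in the install root
        multisite = config.is_file() and bool(
            MULTISITE_RE.search(config.read_text(errors="replace")))
        status = "unknown" if version is None else (
            "affected" if version in AFFECTED else "not-affected")
        findings.append({"site": str(site), "version": version,
                         "status": status, "multisite": multisite})
    return findings

def build_sample_tree(base):
    """Create constructed sample installs (not real sites) for an offline run."""
    samples = {"blog": ("6.4.1", True), "shop": ("6.4.2", False), "old": ("6.3.2", False)}
    for name, (ver, multi) in samples.items():
        inc = Path(base) / name / "wp-includes"
        inc.mkdir(parents=True)
        (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
        line = "define( 'MULTISITE', true );" if multi else "// define( 'MULTISITE', true );"
        (Path(base) / name / "wp-config.php").write_text(f"<?php\n{line}\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Pass a real web root as the first argument, or run on the sample tree.
        root = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tmp)
        for f in audit(root):
            print(f"{f['status']:<13} {f['version'] or '-':<8} "
                  f"multisite={f['multisite']}  {f['site']}")
```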

For more detailed information, refer to the official WordPress announcement: WordPress 6.4.2 Maintenance & Security Release.

Additionally, the Wordfence advisory provides further details: PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2.
