Wednesday, 3 September 2025

WordPress strengthens security with latest update

Learn how the latest WordPress update, version 6.4.2, tackles a critical security vulnerability to provide better website protection.

WordPress has released version 6.4.2 to address a critical vulnerability. If exploited, the flaw could allow attackers to execute PHP code on the site, potentially leading to complete control over affected websites.

The issue stems from a feature introduced in WordPress 6.4 to improve HTML parsing within the block editor. The vulnerability affects only versions 6.4 and 6.4.1; earlier versions are unaffected.

An official statement from WordPress highlights the gravity of the situation:

“A Remote Code Execution vulnerability that is not directly exploitable in core, however the security team feels that there is a potential for high severity when combined with some plugins, especially in multisite installs.”

Further insights from Wordfence, a renowned security firm, shed light on the potential risks:

“Since an attacker able to exploit an Object Injection vulnerability would have full control over the on_destroy and bookmark_name properties, they can use this to execute arbitrary code on the site to gain full control easily.

While WordPress Core currently does not have any known object injection vulnerabilities, they are rampant in other plugins and themes. The presence of an easy-to-exploit POP chain in WordPress core substantially increases the danger level of any Object Injection vulnerability.”

Importance of timely updates for enhanced protection

Although Object Injection vulnerabilities are challenging to exploit, Wordfence emphasises the importance of updating WordPress to the latest version. WordPress itself underscores the urgency of these updates for improved site protection.

For more detailed information, refer to the official WordPress announcement: WordPress 6.4.2 Maintenance & Security Release.

Additionally, the Wordfence advisory provides further details: PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2.
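
For administrators who run several installs on one host, the following added example (not code from WordPress or Wordfence) walks a directory tree and reports which installs are still on the affected 6.4 or 6.4.1 releases. It assumes the core version is read from the `$wp_version` assignment in `wp-includes/version.php`, which the article does not mention; the site names in the demo are constructed.

```python
import os
import re
import tempfile

# Affected releases as stated in the article; 6.4.2 carries the fix.
AFFECTED = {(6, 4, 0), (6, 4, 1)}
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def parse_wp_version(php_source):
    """Return the $wp_version string from version.php contents, or None."""
    m = VERSION_RE.search(php_source)
    return m.group(1) if m else None

def is_affected(version):
    """True for 6.4 / 6.4.1. Suffixed builds (e.g. '6.4.1-src') are judged by
    their numeric prefix, which is an assumption of this example."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version or "")
    if not m:
        return False
    major, minor, patch = (int(g or 0) for g in m.groups())
    return (major, minor, patch) in AFFECTED

def audit(root):
    """Walk root and return sorted (install_dir, version, status) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in filenames:
            path = os.path.join(dirpath, "version.php")
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_wp_version(fh.read())
            if version is None:
                status = "unknown"  # file present but no parsable version
            else:
                status = "affected" if is_affected(version) else "ok"
            findings.append((os.path.dirname(dirpath), version, status))
    return sorted(findings, key=lambda f: f[0])

def demo():
    """Constructed sample tree: three installs with made-up site names."""
    with tempfile.TemporaryDirectory() as root:
        for site, ver in (("blog", "6.4.1"), ("shop", "6.4.2"), ("intranet", "6.3.2")):
            inc = os.path.join(root, site, "wp-includes")
            os.makedirs(inc)
            with open(os.path.join(inc, "version.php"), "w", encoding="utf-8") as fh:
                fh.write("<?php\n$wp_version = '%s';\n" % ver)
        return [(os.path.basename(d), v, s) for d, v, s in audit(root)]

if __name__ == "__main__":
    for row in demo():
        print(*row)
```

Point `audit()` at the directory that holds the installs; any entry reported as `affected` should be updated to 6.4.2 or later.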
