all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2

Add to bookmarks
Dec. 6, 2023, 9:20 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

WordPress 6.4.2 was released today, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a Critical-Severity vulnerability allowing attackers to execute arbitrary PHP code on the site.


We urge all WordPress users to update to 6.4.2 immediately, as this issue could allow full site takeover if another vulnerability is present.


Technical Analysis


We’ve written about Object Injection vulnerabilities in the past, …

attackers code code execution critical december injection object patch php pop psa remote code remote code execution result severity today version vulnerability wordpress

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Proposed Bill Focuses on Voluntary AI Security Incident Reporting 43 minutes ago | malware.news
ai security bill companies cybersecurity +21
The impact of automating open source dependency management 58 minutes ago | malware.news
article business consuming customer +12
Diffusione di malware Keylogger tramite falsa pagina di Agenzia delle Entrate – PuntoFisco 2 hours ago | malware.news
agenzia delle entrate article cert con +5
Stronger cybersecurity aimed by Menlo Security, Google Cloud collaboration 3 hours ago | malware.news
article cloud collaboration customers +13
Mounting global ransomware attacks significantly impact US 4 hours ago | malware.news
article attacks avril haines director +12
Media, think tank, service spoofing conducted in APT42 cyberespionage operations 4 hours ago | malware.news
apt42 campaigns charming kitten cyberespionage +30
Old vulnerable D-Link routers subjected to novel Goldoon botnet attacks 4 hours ago | malware.news
april article attacks botnet +13
Android apps targeted by new Dirty Stream attack 4 hours ago | malware.news
android android apps apps arbitrary code +18
Details on 2021 Chemonics hack remain scant 4 hours ago | malware.news
agency article compromised cyberattack +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Financial Crimes Compliance - Senior - Consulting - Location Open

@ EY | New York City, US, 10001-8604
View on infosec-jobs.com

Software Engineer - Cloud Security

@ Neo4j | Malmö
View on infosec-jobs.com

Security Consultant

@ LRQA | Singapore, Singapore, SG, 119963
View on infosec-jobs.com

Identity Governance Consultant

@ Allianz | Sydney, NSW, AU, 2000
View on infosec-jobs.com

Educator, Cybersecurity

@ Brain Station | Toronto
View on infosec-jobs.com

Principal Security Engineer

@ Hippocratic AI | Palo Alto
View on infosec-jobs.com
View more jobs