PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2
Malware Analysis, News and Indicators - Latest topics malware.news
WordPress 6.4.2 was released today, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a Critical-Severity vulnerability allowing attackers to execute arbitrary PHP code on the site.
We urge all WordPress users to update to 6.4.2 immediately, as this issue could allow full site takeover if another vulnerability is present.
Technical Analysis
We’ve written about Object Injection vulnerabilities in the past, …