Security News > 2023 > December > WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability
2023-12-08 09:23
WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. "A remote code execution vulnerability that is not directly exploitable in core; however, the security team feels that there is a potential for high severity when combined with some plugins,
News URL
https://thehackernews.com/2023/12/wordpress-releases-update-642-to.html
Related news
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation (source)
- Sophos Firewall vulnerable to critical remote code execution flaw (source)