Security News > 2023 > December > WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability
2023-12-08 09:23
WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. "A remote code execution vulnerability that is not directly exploitable in core; however, the security team feels that there is a potential for high severity when combined with some plugins,
News URL
https://thehackernews.com/2023/12/wordpress-releases-update-642-to.html
Related news
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks (source)
- Critical zero-days impact premium WordPress real estate plugins (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)