WordPress released a security update this week to address a remote code execution (RCE) vulnerability in the popular content management system (CMS).
A property oriented programming (POP) chain issue that was introduced in WordPress core 6.4 is the flaw that the open source CMS attempts to fix. When paired with another object injection vulnerability, it gives attackers the ability to run PHP code on websites that are susceptible. The Wordfence team at WordPress security company Defiant explains that the bug was found in a class that was added in WordPress 6.4 to enhance HTML parsing in the block editor.
A function that is automatically launched by PHP after a request has been processed and that makes use of properties that an attacker could have complete control over is part of the vulnerable class.
Read More: WordPress 6.4.2 Patches Remote Code Execution Vulnerability
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
