WordPress 6.4.3 – what does the new update fix?

This security and maintenance update, WordPress 6.4.3, includes 5 bug fixes in the core, 16 bug fixes in the Block Editor, and 2 security fixes.

As it is a security update, it is recommended to promptly update your websites. You can download WordPress 6.4.3 from WordPress.org or perform the update from your admin interface. Click on “Updates” and then on the “Update Now” button. If you have websites that support automatic background updates, the update process will initiate automatically.

What does WordPress 6.4.3 fix?

wordpress 6.4.3

WordPress 6.4.3 addresses several security issues and 21 additional bugs. For more detailed information, you can refer to the official page about this version: WordPress 6.4.3 documentation .

A detailed description of the core WordPress fixes is provided here: Make WordPress Core

On the other hand, the errors fixed in the block editor are described here on GitHub: WordPress 6.4.3 GitHub

Fixes in the WordPress Core

  • Text is not highlighted when editing a page in the latest Chrome Dev and Canary.
  • Update default PHP version used in local Docker environment for older versions.
  • wp-login.php: Login messages/errors.
  • Outdated code print_emoji_styles generated during insertion.
  • Attachment pages are restricted only for logged-in users.

PHP File Upload Bypass Fix

The first patch addresses a security vulnerability in the area of uploading PHP files through a vulnerability in the plugin installer. It is a WordPress flaw that allows an attacker to upload PHP files through the plugin or theme upload function. However, this vulnerability was not as severe as it might seem, as the attacker would need administrator-level permissions to execute such an attack.

PHP Object Injection

According to WordPress, the second patch is intended for a Remote Code Execution (RCE) POP Chains vulnerability that could allow an attacker to remotely execute code. RCE POP Chains vulnerability typically means there is a flaw that allows an attacker, through manipulation of input that the WordPress page deserializes, to execute arbitrary code directly on the server. Deserialization is the process where data is converted into a serialized format (like a text string). It is then converted back to its original form. This vulnerability also has a low risk because the attacker would need administrator-level permissions for a successful attack.

The website is created with care for the included information. I strive to provide high-quality and useful content that helps or inspires others. If you are satisfied with my work and would like to support me, you can do so through simple options.

Byl pro Vás tento článek užitečný?

Klikni na počet hvězd pro hlasování.

Průměrné hodnocení. 0 / 5. Počet hlasování: 0

Zatím nehodnoceno! Buďte první

Jak užitečný vidíte tento článek.

Sledujte mě na sociálních médiích.

Je mi líto, že pro Vás nebyl článek užitečný.

Jak mohu vylepšit článek?

Řekněte mi, jak jej mohu zlepšit.

newsletter

Subscribe to the Newsletter

Stay informed! Join our newsletter subscription and be the first to receive the latest information directly to your email inbox. Follow updates, exclusive events, and inspiring content, all delivered straight to your email.

Odebírat
Upozornit na
guest
0 Komentáře/ů
Nejstarší
Nejnovější Nejvíce hlasováno
Vložené zpětné vazby.
Zobrazit všechny komentáře.

Pokud mi chcete napsat rychlou zprávu, využije, prosím, níže uvedený
kontaktní formulář. Děkuji.

Další Kontaktní údaje