This security and maintenance update, WordPress 6.4.3, includes 5 bug fixes in the core, 16 bug fixes in the Block Editor, and 2 security fixes.
As it is a security update, it is recommended to promptly update your websites. You can download WordPress 6.4.3 from WordPress.org or perform the update from your admin interface. Click on “Updates” and then on the “Update Now” button. If you have websites that support automatic background updates, the update process will initiate automatically.
What does WordPress 6.4.3 fix?
WordPress 6.4.3 addresses several security issues and 21 additional bugs. For more detailed information, you can refer to the official page about this version: WordPress 6.4.3 documentation.
A detailed description of the core WordPress fixes is provided here: Make WordPress Core
The bugs fixed in the Block Editor are described on GitHub: WordPress 6.4.3 GitHub
Fixes in the WordPress Core
- Text is not highlighted when editing a page in the latest Chrome Dev and Canary.
- Update default PHP version used in local Docker environment for older versions.
- wp-login.php: Login messages/errors.
- Outdated code print_emoji_styles generated during insertion.
- Attachment pages are restricted only for logged-in users.
PHP File Upload Bypass Fix
The first patch fixes a PHP file upload bypass in the plugin installer. The flaw allows an attacker to upload PHP files through the plugin or theme upload function. However, this vulnerability is not as severe as it might seem, because the attacker would need administrator-level permissions to carry out such an attack.
PHP Object Injection
According to WordPress, the second patch addresses a Remote Code Execution (RCE) POP Chains vulnerability that could allow an attacker to remotely execute code. An RCE POP (property-oriented programming) chain vulnerability typically means there is a flaw that allows an attacker, by manipulating input that the WordPress site deserializes, to execute arbitrary code directly on the server. Serialization is the process of converting data into a serialized format (like a text string); deserialization converts it back to its original form. This vulnerability also carries a low risk because the attacker would need administrator-level permissions for a successful attack.
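The deserialization behaviour described above, as an added PHP example that is not WordPress core code and not part of the original article. The class `CacheFile`, the two loader functions and the sample string are hypothetical and constructed for illustration; the example contrasts plain `unserialize()` with its `allowed_classes` option.

```php
<?php
// Added illustration; not WordPress core code. All names are hypothetical.

// A class with a magic method. In a POP chain, classes already loaded by the
// application play this role; here the side effect is only a log entry.
final class CacheFile
{
    public static $log = [];
    public $path = '/tmp/cache.tmp';

    public function __destruct()
    {
        // Runs when the object is destroyed, even though application code
        // never called "new CacheFile" for it.
        self::$log[] = "destructor ran for {$this->path}";
    }
}

// Constructed sample input: serialized CacheFile with a caller-chosen property.
$untrusted = 'O:9:"CacheFile":1:{s:4:"path";s:11:"/tmp/chosen";}';

// Weak: unserialize() instantiates whichever class the input names.
function load_weak($data)
{
    return unserialize($data);
}

// Hardened: no class is allowed, so objects come back as inert
// __PHP_Incomplete_Class placeholders and CacheFile code never runs.
function load_hardened($data)
{
    return unserialize($data, ['allowed_classes' => false]);
}

$obj = load_weak($untrusted);
unset($obj); // CacheFile::__destruct() fires with the property from the input
printf("after weak load: %d log entries\n", count(CacheFile::$log));

$obj = load_hardened($untrusted);
printf("hardened load returned: %s\n", get_class($obj));
unset($obj); // nothing to run: no CacheFile instance was created
printf("after hardened load: %d log entries\n", count(CacheFile::$log));
```

Where the stored data consists only of scalars and arrays, `json_encode()` and `json_decode()` avoid object instantiation altogether.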