WordPress 6.4.2: Addressing The Critical Remote Vulnerability
WordPress has rolled out version 6.4.2, addressing a critical security flaw that threat actors can exploit when it is combined with another bug. The remote code execution vulnerability is not directly exploitable in core on its own, but it poses a significant risk when paired with certain plugins, particularly in multisite installations. The flaw originates in the WP_HTML_Token class, introduced in version 6.4 to improve HTML parsing in the block editor. By exploiting a PHP object injection vulnerability in any installed plugin or theme, threat actors can chain the two issues, execute arbitrary code, and take control of the targeted site. Users are strongly urged to manually update their sites to the latest version to prevent exploitation.
Wordfence, a WordPress security company, stresses the importance of addressing the vulnerability, cautioning that a property-oriented programming (POP) chain reachable through an additional plugin or theme could enable attackers to delete files, access sensitive data, or execute code. Patchstack, in a related advisory, notes that an exploitation chain has been available on GitHub since November 17, having been incorporated into the PHP Generic Gadget Chains (PHPGGC) project. Developers are advised to replace calls to the unserialize function with alternatives such as JSON encoding/decoding. Site owners should check that their sites are running the latest version and keep them updated to prevent security breaches.
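The recommended replacement of unserialize with JSON, shown as an added example that is not WordPress core, Wordfence or Patchstack code; the plugin function and option names (my_plugin_*, theme, per_page) are hypothetical, and the two input strings are constructed for the example:

```php
<?php
// Added example, not from WordPress or the advisories above. A plugin-style
// settings round-trip; names such as my_plugin_* are hypothetical.

// BEFORE: untrusted input reaches unserialize(). Any serialized string that names
// a class is instantiated (and its __wakeup/__destruct run), which is the object
// injection entry point a POP chain through WP_HTML_Token needs.
function my_plugin_load_prefs_unsafe(string $raw): array {
    $prefs = @unserialize($raw);
    return is_array($prefs) ? $prefs : [];
}

// AFTER: JSON decoding never instantiates objects. Decode to plain arrays, fail
// closed on malformed input, and validate the shape before trusting the values.
function my_plugin_load_prefs_safe(string $raw): array {
    try {
        $prefs = json_decode($raw, true, 4, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return [];   // not JSON (including any serialized-object string)
    }
    if (!is_array($prefs)) {
        return [];
    }
    $clean = [];
    $theme = $prefs['theme'] ?? '';
    $clean['theme']    = in_array($theme, ['light', 'dark'], true) ? $theme : 'light';
    $clean['per_page'] = max(1, min(100, (int) ($prefs['per_page'] ?? 10)));
    return $clean;
}

function my_plugin_save_prefs(array $prefs): string {
    return json_encode($prefs, JSON_THROW_ON_ERROR);
}

// Constructed sample inputs: a legitimate JSON payload and a serialized-object
// string of the kind object-injection attacks rely on.
$legit  = '{"theme":"dark","per_page":25}';
$object = 'O:8:"stdClass":1:{s:4:"data";s:3:"abc";}';

var_dump(my_plugin_load_prefs_safe($legit));   // validated theme/per_page array
var_dump(my_plugin_load_prefs_safe($object));  // empty default, no object created

// Where unserialize() cannot be removed yet, disallow object creation outright
// (allowed_classes, PHP 7.0+): class payloads become __PHP_Incomplete_Class
// placeholders and no gadget method ever runs.
$guarded = unserialize($object, ['allowed_classes' => false]);
var_dump($guarded instanceof __PHP_Incomplete_Class);
```

The round-trip keeps only the keys the plugin expects, so a stored option cannot smuggle a class name into the decoder even if the storage layer is later tampered with.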
Reference: https://www.wordfence.com/blog/2023/09/two-php-object-injection-vulnerabilities-fixed-in-essential-blocks/ | https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remote-code-execution-patched-in-wordpress-6-4-2/
Notice: EntreBase Trust & Safety; Threat Advisory information is monitored daily and continuously updated, maintained, and populated by industry-leading Vulnerability and Threat Intelligence sources containing over 12,000 records for vulnerabilities in Email Security, Website Security, WordPress plugins, themes, and core. The database is actively maintained by a team of highly credentialed and industry-leading vulnerability researchers and analysts with dozens of vulnerabilities added per week.