WordPress 6.4.3: Vulnerability fixes and security improvements
The WordPress 6.4.3 update was released in response to two discovered vulnerabilities and also includes 21 bug fixes. The first patch addresses a PHP file upload bypass via the plugin installer. This flaw in WordPress allows attackers to upload PHP files using the plugin and theme uploader. However, the vulnerability is not especially severe, since attackers need administrator rights to use it.
"The second patch addresses the way that options are stored - it first sanitizes them before checking the data type of the option - arrays and objects are serialized, as well as already serialized data, which is serialized again. While this already happens when options are updated, it was not performed during site installation, initialization, or upgrade."
🚀 In other words, the fix changes the way WordPress stores options: it first sanitizes them, then checks the data type of the option. Arrays and objects are serialized, and data that is already serialized is serialized again. Although this already happens when options are updated, it was not done during site installation, initialization or upgrade.
- 📌 PHP File Upload Bypass and PHP Object Injection vulnerabilities have been fixed
- 📌 The update also includes 21 bug fixes
- 📌 WordPress recommends that you update your sites immediately
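An added illustration of the option-storage change described above (not WordPress core code and not from the original article): the `demo_*` functions are simplified, hypothetical stand-ins modelled on WordPress's `maybe_serialize()` / `maybe_unserialize()` helpers, and the sample string is constructed. It shows why an already-serialized string is serialized again before storage: without that step, the value changes type when it is read back.

```php
<?php
// Hypothetical, simplified stand-ins; not the WordPress core implementations.

// Rough check for "looks like PHP-serialized data" (type letter, colon, ...).
function demo_is_serialized($data): bool {
    if (!is_string($data)) {
        return false;
    }
    $data = trim($data);
    if ($data === 'N;') {
        return true;
    }
    return (bool) preg_match('/^[aOsbid]:.*[;}]$/s', $data);
}

// Write path: arrays and objects are serialized; a string that already
// looks serialized is serialized AGAIN so it round-trips as a string.
function demo_maybe_serialize($value) {
    if (is_array($value) || is_object($value) || demo_is_serialized($value)) {
        return serialize($value);
    }
    return $value;
}

// Read path: anything that looks serialized is unserialized.
// allowed_classes => false is a choice made for this demo.
function demo_maybe_unserialize($stored) {
    if (demo_is_serialized($stored)) {
        return @unserialize(trim($stored), ['allowed_classes' => false]);
    }
    return $stored;
}

// Constructed sample: a plain string that happens to look serialized.
$input = 'a:1:{s:3:"key";s:5:"value";}';

// Path missing the write-side step (install, initialization, upgrade).
$raw_read = demo_maybe_unserialize($input);

// Path with the step applied (what option updates already did).
$safe_read = demo_maybe_unserialize(demo_maybe_serialize($input));

// Did the string silently become a different type on read?
var_dump(gettype($raw_read));
// Did the string come back exactly as it was supplied?
var_dump($safe_read === $input);
```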
This article was generated using AI based on the cited material, then edited and manually checked by the author for accuracy and usefulness.
https://www.searchenginejournal.com/wordpress-6-4-3-security-release-fixes-two-vulnerabilities/506844/