Bleeping Computer

WordPress fixes POP chain exposing websites to RCE attacks

WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.
Threat Post

PHP Everywhere Bugs Put 30K+ WordPress Sites at Risk of RCE

The plug-in’s default settings spawned flaws that could allow for full site takeover but have since been fixed in an update that users should immediately install, Wordfence researchers said. Tens of ...
Searchenginejournal.com

WordPress Releases Version 6.4.2 For Critical Vulnerability

WordPress has released version 6.4.2 that contains a patch for a critical severity vulnerability that could allow attackers to execute PHP code on the site and potentially lead to a full site takeover ...