When it comes to vulnerabilities, it is always best to remain alert, especially when it comes to software and utilities whose security must be maintained at extremely high levels in order to protect your company. We recently talked, for example, about the new variant of the HeadCrab malware, apparently already present on over 1,000 servers to steal sensitive data.
Now, however, we are approaching numerous commercial realities that are based on WordPress for their online business. With the latest version of the popular software, number 6.4.2, the fix for a vulnerability which allows remote execution of infected code. Better download it as soon as possible to protect your websites!
Update WordPress to protect it from hackers!
According to TechRadar following the original WordPress post, version 6.4 was vulnerable to a POP (Property Oriented Programming) flaw that could be actively exploited to arbitrarily execute PHP code, albeit in very specific circumstances. To be precise, the target website needed to include a vulnerable plug-in or add-on with the flaw in question, thus allowing code execution.
These are WordPress words: “A remote code execution vulnerability that is not directly exploitable. However, the security team believes that there is a potential for high severity when combined with some plugins”.
Patch 6.4.2 has therefore fixed this flaw, but all sites that remain at previous versions will remain vulnerable. Therefore, We strongly recommend downloading the latest update of WordPress in such a way as to avoid unpleasant inconveniences.