On January 30, 2024, WordPress unveiled version 6.4.3, featuring crucial security updates designed to address long-standing but minor security concerns within the WordPress Core.
The first security patch is aimed at resolving an issue where users possessing Administrator (or Super Administrator on Multisite) privileges could upload PHP files directly to a site via the Plugin and Theme file upload mechanism. This potential vulnerability is particularly relevant in heavily restricted configurations that prevent Administrators and Super Administrators from installing plugins and themes through a separate mechanism.
The second patch tackles the way options are stored, implementing a sanitisation process before checking the data type of the option. Arrays and objects, including already serialised data, are serialised again. Although this process occurs when options are updated, it was not performed during site installation, initialisation, or upgrade. This adjustment is intended to mitigate a potential PHP Object Injection issue.
Both identified issues are likely to require a highly privileged user or an attacker stumbling upon a site with an incomplete installation to exploit. As such, their impact on the majority of WordPress sites in the real world is expected to be minimal.
Crucially, these security patches have been backported to version 4.1 and later of WordPress.
In conclusion, the WordPress 6.4.3 update primarily focuses on enhancing security by addressing two minor issues in the WordPress core. While the potential security impact of these concerns is rare, it is advisable to update your WordPress installation within a reasonable timeframe, especially if your site adheres to a hardened configuration due to regulatory requirements.
For users in the UK seeking reliable WordPress web hosting, UK web hosting, UK Litespeed web hosting, and UK Redis cache web hosting, the latest WordPress update adds an extra layer of security to safeguard your online presence. Keeping your WordPress installation up-to-date is essential, and this update provides increased hardening against potential security threats. Consider updating promptly, particularly if your website adheres to stringent regulatory requirements for enhanced protection.
Seeking unparalleled UK web hosting? Discover SharedGrid’s blazing-fast, ultra-secure, and highly dependable solutions. We’re committed to excellence with round-the-clock support, 99.9% uptime, and unmatched speed. Elevate your hosting experience with us. Explore our plans today:SharedGrid Pricing