WordPress Critical-Severity vulnerability
Thanks to the constant work we do across all our hosted websites and the technical publications we keep a close eye on we were able to safely bypass a recent ‘Critical-Severity’ vulnerability in WordPress.
We were informed from one of the most trusted WordPress security agencies that a recent version of WordPress contained a possible vulnerability. So we were able to update all our sites before this issue became widely known about and averting any issues. So rest assured that your website will continue to be as safe as it can be and you don’t have to worry about it.
The notice we received was as follows:
WordPress 6.4.2 was released, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a Critical-Severity vulnerability allowing attackers to execute arbitrary PHP code on the site.
We urge all WordPress users to update to 6.4.2 immediately, as this issue could allow full site takeover if another vulnerability is present.