It's WordPress that allows an attacker to upload PHP files via the plugin and uploader. According to WordPress, the second patch is for a Remote Code Execution POP Chains vulnerability which could allow an attacker to execute code.

An RCE POP Chains vulnerability means that there is a flaw that allows an attacker, typically through manipulating input that the WordPress site deserializes, to execute arbitrary code on the server. Serialization is the process where data is converted into a serialized format; deserialization is the part when it's converted back into its original form.

Wordfence describes this vulnerability as a PHP Object Injection vulnerability and does not mention the RCE POP Chains part.

The second patch addresses the way that options are stored: it first sanitizes them and already serialized data. Nevertheless, the WordPress announcement of the security and maintenance release recommends updating the WordPress installation.

In addition to the above five fixes to the Core, there are 16 bug fixes to the Block Editor.

Read the WordPress Security and Maintenance Release announcement. The Wordfence of the vulnerabilities.
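The deserialization risk described above, as an added example that is not code from WordPress or Wordfence: it shows why unserializing untrusted bytes can run code in classes that are already loaded, and how restricting allowed classes stops the object from being created. The class `CacheFile`, the functions `load_unsafe` and `load_restricted`, and the serialized string are all constructed for illustration.

```php
<?php
// Hypothetical stand-in for any class already loaded on a site.
final class CacheFile
{
    /** Records what the destructor was asked to act on. */
    public static array $touched = [];
    public string $path = '';

    // Magic method: PHP calls this automatically when the object is destroyed.
    public function __destruct()
    {
        // A real class might delete or write $this->path here; this one only logs it.
        self::$touched[] = $this->path;
    }
}

// Constructed sample of stored data whose bytes came from untrusted input.
$untrusted = 'O:9:"CacheFile":1:{s:4:"path";s:15:"attacker-chosen";}';

// Weak form: unserialize() rebuilds a CacheFile with attacker-set properties.
function load_unsafe(string $raw): array
{
    CacheFile::$touched = [];
    $value = unserialize($raw);
    unset($value); // object destroyed here, so __destruct() runs on injected data
    return CacheFile::$touched;
}

// Hardened form: no class may be instantiated from the input.
function load_restricted(string $raw): array
{
    CacheFile::$touched = [];
    $value = unserialize($raw, ['allowed_classes' => false]);
    // $value is a __PHP_Incomplete_Class placeholder; CacheFile code never runs.
    unset($value);
    return CacheFile::$touched;
}

var_dump(load_unsafe($untrusted));
var_dump(load_restricted($untrusted));
```

For data that never needs to carry objects, storing it as JSON and reading it with `json_decode()` avoids object instantiation entirely.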