WordPress has released version 6.4.2, which contains a patch for a vulnerability that could allow attackers to execute PHP code on the site and lead to a full site takeover. The vulnerability was traced back to a feature introduced in WordPress 6.4 that was meant to improve HTML parsing in the block editor. The issue is not present in earlier versions of WordPress; it affects versions 6.4 and 6.4.1.

The WordPress announcement describes the vulnerability:

Remote Code Execution vulnerability that is not directly core, however the team feels that there is potential for severity especially in multisite installs.

... they can use this to execute arbitrary code on the site to gain full control. The presence of a POP chain in WordPress core increases the danger level of any Object Injection vulnerability.

Wordfence advises that Object Injection vulnerabilities are not easy to exploit. Nonetheless, they are recommending that users of WordPress update to the latest version.

Read the WordPress announcement.