WordPress 6.4.2 was released on December 6, 2023, to address a Critical-Severity vulnerability that could allow attackers to execute arbitrary PHP code on WordPress sites. This patch was released to fix a POP chain introduced in version 6.4, which when combined with a separate Object Injection vulnerability, could result in full site takeover if another vulnerability is present. WordPress users are strongly urged to update to version 6.4.2 immediately to safeguard their sites.
The technical analysis of the issue revealed that the problem resides in the WP_HTML_Token class introduced in WordPress 6.4. The class includes a __destruct magic method that, when exploited by an attacker with control over the on_destroy and bookmark_name properties, could lead to the execution of arbitrary code on the site. While there are currently no known object injection vulnerabilities in WordPress Core, such vulnerabilities are common in other plugins and themes. The presence of an easy-to-exploit POP chain in WordPress core significantly increases the risk associated with any Object Injection vulnerability.
The patch introduced in version 6.4.2 includes a simple __wakeup method that prevents the execution of the __destruct function, thereby mitigating the vulnerability. Additionally, Wordfence released a firewall rule to protect premium users, with free users set to receive the same protection on January 5, 2024.
In conclusion, the PSA highlights the significance of the patch for the potentially critical issue in WordPress 6.4-6.4.1. It emphasizes the importance of manually checking and ensuring that sites are updated to version 6.4.2 to prevent the exploitation of any Object Injection vulnerability present in plugins. The advisory recommends sharing the information with other WordPress users to raise awareness about the critical issue that could lead to complete site takeover.
It is worth noting that Wordfence has a Bug Bounty Program, with increased bounties until December 20, 2023. Vulnerability researchers are encouraged to sign up for the program to contribute to the security of WordPress and potentially earn rewards for identifying critical vulnerabilities.
Read Full Article