=====================================================================

                                CERT-Renater

                    Information Note No. 2024/VULN071
_____________________________________________________________________

DATE                : 31/01/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running WordPress versions prior to
                     6.4.3.

=====================================================================
https://wordpress.org/news/2024/01/wordpress-6-4-3-maintenance-and-security-release/
_____________________________________________________________________

WordPress 6.4.3 – Maintenance and Security release

This security and maintenance release features 5 bug fixes on
Core, 16 bug fixes for the Block Editor, and 2 security fixes.

Because this is a security release, it is recommended that you
update your sites immediately. Backports are also available for
other major WordPress releases, 4.1 and later.

You can download WordPress 6.4.3 from WordPress.org, or visit your
WordPress Dashboard, click “Updates”, and then click “Update Now”.
If you have sites that support automatic background updates, the
update process will begin automatically.

WordPress 6.4.3 is a short-cycle release. The next major release
will be version 6.5 planned for 26 March 2024. You can review a
summary of the maintenance updates in this release by reading
the Release Candidate announcement. For further information on
this release, please visit the HelpHub site.

Security updates included in this release

The security team would like to thank the following people for
responsibly reporting vulnerabilities, and allowing them to be
fixed in this release:

     m4tuto for finding a PHP File Upload bypass via Plugin
       Installer (requiring admin privileges).
     @_s_n_t of @pentestltd working with Trend Micro Zero Day
       Initiative for finding an RCE POP Chains vulnerability.

Thank you to these WordPress contributors

This release was led by Sarah Norris, Joe McGill, and Aaron
Jorbin.

WordPress 6.4.3 would not have been possible without the
contributions of the following people. Their asynchronous
coordination to deliver maintenance and security fixes into
a stable release is a testament to the power and capability
of the WordPress community.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
