On January 30, 2024, WordPress 6.4.3 was released to the public.
Installation/Update Information
To get this version, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Summary
Maintenance & Security updates
WordPress 6.4.3 includes 5 bug fixes on Core, 16 bug fixes for the Block Editor, and 2 security fixes.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
- m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
- @_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.
The 6.4.3 release was led by Sarah Norris, Joe McGill, and Aaron Jorbin.
Thank you to everyone who contributed to WordPress 6.4.3.
Aki Hamano, Alex Concha, Alex Lende, Alex Stine, Andrea Fercia, Andrei Draganescu, Andrew Ozz, Andrew Serong, Andy Fragen, Ari Stathopoulos, Artemio Morales, ben, bobbingwide, Carlos Bravo, Carolina Nymark, Česlav Przywara, Colin Stewart, Daniel Käfer, Daniel Richards, Dominik Schilling, Ella, Erik, George Mamadashvili, Greg Ziółkowski, Isabel Brison, Joen A., John Blackbourn, Jonathan Desrosiers, joppuyo, Lax Mariappan, luisherranz, Markus, Michal Czaplinski, Mukesh Panchal, Nik Tsekouras, Niluthpal Purkayastha, Noah Allen, Pascal Birchler, Peter Wilson, ramonopoly, Riad Benguella, Sergey Biryukov, Stephen Bernhardt, Teddy Patriarca, Tonya Mork
For more information, browse the full list of changes on Trac.
Change log
List of files revised
/wp-admin/includes/class-file-upload-upgrader.php /wp-admin/includes/schema.php /wp-admin/about.php /wp-admin/update.php /wp-content/plugins /wp-content/themes/twentyseventeen/inc/icon-functions.php /wp-content/themes/twentyseventeen/template-parts/post/content-audio.php /wp-content/themes/twentyseventeen/template-parts/post/content-video.php /wp-content/themes/twentyseventeen/functions.php /wp-content/themes/twentyseventeen/readme.txt /wp-content/themes/twentyseventeen/style.css /wp-content/themes/twentytwenty/template-parts/pagination.php /wp-content/themes/twentytwenty/comments.php /wp-content/themes/twentytwenty/functions.php /wp-content/themes/twentytwenty/package-lock.json /wp-content/themes/twentytwenty/package.json /wp-content/themes/twentytwenty/readme.txt /wp-content/themes/twentytwenty/style-rtl.css /wp-content/themes/twentytwenty/style.css /wp-content/themes/twentytwentyfour/functions.php /wp-content/themes/twentytwentyone/assets/css/ie.css /wp-content/themes/twentytwentyone/assets/sass/01-settings/file-header.scss /wp-content/themes/twentytwentyone/inc/template-functions.php /wp-content/themes/twentytwentyone/package-lock.json /wp-content/themes/twentytwentyone/package.json /wp-content/themes/twentytwentyone/readme.txt /wp-content/themes/twentytwentyone/style-rtl.css /wp-content/themes/twentytwentyone/style.css /wp-includes/assets/script-loader-packages.min.php /wp-includes/assets/script-loader-packages.php /wp-includes/blocks/cover/style-rtl.css /wp-includes/blocks/cover/style-rtl.min.css /wp-includes/blocks/cover/style.css /wp-includes/blocks/cover/style.min.css /wp-includes/blocks/query.php /wp-includes/css/dist/block-editor/content-rtl.css /wp-includes/css/dist/block-editor/content-rtl.min.css /wp-includes/css/dist/block-editor/content.css /wp-includes/css/dist/block-editor/content.min.css /wp-includes/css/dist/block-library/style-rtl.css /wp-includes/css/dist/block-library/style-rtl.min.css /wp-includes/css/dist/block-library/style.css /wp-includes/css/dist/block-library/style.min.css /wp-includes/css/dist/patterns/style-rtl.css /wp-includes/css/dist/patterns/style-rtl.min.css /wp-includes/css/dist/patterns/style.css /wp-includes/css/dist/patterns/style.min.css /wp-includes/js/dist/block-editor.js /wp-includes/js/dist/block-editor.min.js /wp-includes/js/dist/block-library.js /wp-includes/js/dist/block-library.min.js /wp-includes/js/dist/components.js /wp-includes/js/dist/components.min.js /wp-includes/js/dist/edit-site.js /wp-includes/js/dist/edit-site.min.js /wp-includes/js/dist/editor.js /wp-includes/js/dist/editor.min.js /wp-includes/js/dist/interactivity.js /wp-includes/js/dist/interactivity.min.js /wp-includes/js/dist/patterns.js /wp-includes/js/dist/patterns.min.js /wp-includes/js/dist/reusable-blocks.js /wp-includes/js/dist/reusable-blocks.min.js /wp-includes/canonical.php /wp-includes/default-filters.php /wp-includes/version.php /wp-login.php