The result? The result was a functions.php file that contained over 2000-3000 lines of code, calling all manner of hooks within the theme.

WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites.

The RCE bugs impact PHP Everywhere, a utility for web developers to be able to use PHP code in pages, posts, the sidebar, or anywhere with a Gutenberg block – editor blocks in WordPress – on ...