Since our last report, 109 new vulnerabilities have been publicly disclosed. Security patches for 57 plugins are available now, so run those updates as soon as possible. If you�re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there is one theme and 52 plugin vulnerabilities with no patch available yet. If you�re a Solid Security Pro user, those vulnerabilities are protected by the Solid Security firewall with virtual patches from Patchstack.
WordPress Core
WordPress 6.4.1 was released on November 8 as a short-cycle maintenance release to address several bugs, including loss of backward compatibility with a dependency, cURL 7.29 or earlier. This broke the WordPress internal update facility on servers running very old, insecure cURL versions.
WordPress 6.4 was released on November 7 as the third major release of 2023. Following a major release, you should not update live sites without taking backups and testing the update in a non-production environment first.