Title: Version 6.4.7
Author: Jb Audras
Published: September 30, 2025

---

# Version 6.4.7

## In this article

 * [Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-6-4-7/?output_format=md#installation-update-information)
 * [Summary](https://wordpress.org/documentation/wordpress-version/version-6-4-7/?output_format=md#summary)
    - [Security updates](https://wordpress.org/documentation/wordpress-version/version-6-4-7/?output_format=md#maintenance-updates)
 * [Change log](https://wordpress.org/documentation/wordpress-version/version-6-4-7/?output_format=md#changelog)
    - [List of files revised](https://wordpress.org/documentation/wordpress-version/version-6-4-7/?output_format=md#list-of-files-revised)
    - [List of packages revised](https://wordpress.org/documentation/wordpress-version/version-6-4-7/?output_format=md#list-of-packages-revised)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-6-4-7/?output_format=md#wp--skip-link--target)

On September 30, 2025, WordPress 6.4.7 was released to the public.

## 󠀁[Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-6-4-7/?output_format=md#installation-update-information)󠁿

To get this version, update automatically from the Dashboard > Updates menu in your
site’s admin area or visit [https://wordpress.org/download/release-archive/](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 * [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 * [New To WordPress – Where to Start](https://wordpress.org/support/article/new_to_wordpress_-_where_to_start/)
 * [First Steps With WordPress](https://wordpress.org/support/article/first-steps-with-wordpress/)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 * [WordPress Lessons](https://wordpress.org/support/article/wordpress-lessons/)

## 󠀁[Summary](https://wordpress.org/documentation/wordpress-version/version-6-4-7/?output_format=md#summary)󠁿

### 󠀁[Security updates](https://wordpress.org/documentation/wordpress-version/version-6-4-7/?output_format=md#maintenance-updates)󠁿

This release features 2 security fixes. Because this is a security release, **it
is recommended that you update your sites immediately.**

The security team would like to thank the following people for [responsibly reporting vulnerabilities](https://hackerone.com/wordpress?type=team),
and allowing them to be fixed in this release:

 * A data exposure issue where authenticated users could access some restricted 
   content. Independently reported by [Mike Nelson](https://hackerone.com/mnelson4),
   [Abu Hurayra](https://hackerone.com/hurayraiit), [Timothy Jacobs](https://profiles.wordpress.org/timothyblynjacobs/)
   and [Peter Wilson](https://profiles.wordpress.org/peterwilsoncc/).
 * A cross-site scripting (XSS) vulnerability requiring an authenticated role that
   affects the nav menus. Reported by [Phill Savage](https://x.com/Savphill).

As a courtesy to users on older branches of WordPress, these fixes are available
in branches of WordPress going back to WordPress 4.7.

## 󠀁[Change log](https://wordpress.org/documentation/wordpress-version/version-6-4-7/?output_format=md#changelog)󠁿

### 󠀁[List of files revised](https://wordpress.org/documentation/wordpress-version/version-6-4-7/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
    /wp-admin/about.php/wp-admin/js/customize-nav-menus.js/wp-admin/js/nav-menu.js/wp-includes/class-wp-customize-nav-menus.php/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php/wp-includes/version.php
    ```

### 󠀁[List of packages revised](https://wordpress.org/documentation/wordpress-version/version-6-4-7/?output_format=md#list-of-packages-revised)󠁿

No package was revised.

First published

September 30, 2025

Last updated