diff --git a/wp-includes/load.php b/wp-includes/load.php
index 77e17b3f8b..520902cdd6 100644
--- a/wp-includes/load.php
+++ b/wp-includes/load.php
@@ -126,7 +126,12 @@ function wp_populate_basic_auth_from_authorization_header() {
 	$token    = substr( $header, 6 );
 	$userpass = base64_decode( $token );
 
-	list( $user, $pass ) = explode( ':', $userpass );
+	// There must be at least one colon in the string.
+	if ( ! str_contains( $userpass, ':' ) ) {
+		return;
+	}
+
+	list( $user, $pass ) = explode( ':', $userpass, 2 );
 
 	// Now shove them in the proper keys where we're expecting later on.
 	$_SERVER['PHP_AUTH_USER'] = $user;
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 4d5d7c74e0..138443ba43 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.4-beta2-56803';
+$wp_version = '6.4-beta2-56804';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.