Threat Post

PHP Applications, WordPress Subject to Ghost glibc Vulnerability

Researchers at Sucuri revealed that applications such as WordPress that support PHP could also be subject to the Ghost vulnerability in glibc. Less than 48 hours after the disclosure of the Ghost ...
ZDNet

PHP Everywhere code execution bugs impact thousands of WordPress websites

Critical remote code execution (RCE) vulnerabilities in a popular WordPress plugin have been made public. The RCE bugs impact PHP Everywhere, a utility for web developers to be able to use PHP code in ...
The Droid Guy

How to Identify Which WordPress Plugin or Theme Is Blocking Your PHP Update and Preventing a Smooth Upgrade

If you’ve logged into your WordPress dashboard and seen the warning that your site is running on PHP 7.4.33, you’re not alone. This outdated version no longer receives security updates, which makes ...
Bleeping Computer

WordPress fixes POP chain exposing websites to RCE attacks

WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.
Bleeping Computer

Over 90 WordPress themes, plugins backdoored in supply chain attack

A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites. In total, threat actors compromised 40 themes and 53 ...