Searchenginejournal.com

WordPress Anti-Spam Plugin Vulnerability Affects Up To 60,000+ Sites

A WordPress anti-spam plugin with over 60,000 installations patched a PHP Object injection vulnerability that arose from improper sanitization of inputs, subsequently allowing base64 encoded user ...
Threat Post

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

The shopping cart application contains a PHP object-injection bug. A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers ...
Threat Post

Post Grid WordPress Plugin Flaws Allow Site Takeovers

Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs. Two high-severity vulnerabilities in Post Grid, a WordPress plugin ...
Bleeping Computer

Latest PHP Object Injection news

Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours.
Bleeping Computer

WordPress fixes POP chain exposing websites to RCE attacks

WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.
Searchenginejournal.com

Vulnerabilities in Two ThemeForest WordPress Themes, 500k+ Sold

A vulnerability advisory was issued about two WordPress themes found on ThemeForest that could allow a hacker to delete arbitrary files and inject malicious scripts into a website. Wordfence issued an ...