The shopping cart application contains a PHP object-injection bug. A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers ...
A WordPress anti-spam plugin with over 60,000 installations patched a PHP object-injection vulnerability that arose from improper sanitization of inputs, subsequently allowing base64-encoded user ...
A critical-severity vulnerability was discovered and patched in the Better Search Replace plugin for WordPress, which has over 1 million active website installs. Successful attacks could lead to ...
An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites. Newsletter, a WordPress plugin with more than 300,000 installations, has a pair ...
WordPress has released version 6.4.2, which addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers to run arbitrary PHP code on the target website.
A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn. Ivanti has released security updates for Ivanti Connect ...
Hackers are (ab)using unpatched zero-day vulnerabilities in approximately 20 Magento extensions to plant payment card skimmers on online stores, according to Dutch security expert Willem de Groot. The ...
Details were published online last week about a vulnerability in older versions of the Joomla content management system (CMS), a popular web-based application for building and managing websites.
Facebook has fixed two critical vulnerabilities in its popular WordPress plugin which could have been exploited to enable full site takeover, according to Wordfence. The security company revealed ...