Threat Post

Updates Fix PHP-Injection Flaw in Popular WordPress Plugins

A pair of popular WordPress plugins used to help sites cache content have fixed serious vulnerabilities that attackers could exploit simply by including special HTML code in a comment. Both WP Super ...
Business Wire

Polyverse Thwarts PHP Vulnerabilities, WordPress Attacks

BELLEVUE, Wash.--(BUSINESS WIRE)--Polyverse Corporation today announced its R&D project, Polyscripting, stops all PHP code injection and execution vulnerabilities detailed in a whitepaper recently ...
Ars Technica

Hackers backdoor PHP source code after breaching internal git server

A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open ...
Bleeping Computer

Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...
Searchenginejournal.com

WordPress Divi Theme Code Injection Vulnerability

Elegant Themes announced that several of their products contained a code injection vulnerability and should be updated right away. The vulnerability allows an untrustworthy user to execute PHP ...
Bleeping Computer

Latest Code Injection news

Hewlett Packard Enterprise (HPE) has patched a maximum-severity vulnerability in its HPE OneView software that enables attackers to execute arbitrary code remotely. SAP has released its November ...