Threat Post

Updates Fix PHP-Injection Flaw in Popular WordPress Plugins

A pair of popular WordPress plugins used to help sites cache content have fixed serious vulnerabilities that attackers could exploit simply by including special HTML code in a comment. Both WP Super ...
Business Wire

Polyverse Thwarts PHP Vulnerabilities, WordPress Attacks

BELLEVUE, Wash.--(BUSINESS WIRE)--Polyverse Corporation today announced its R&D project, Polyscripting, stops all PHP code injection and execution vulnerabilities detailed in a whitepaper recently ...
Bleeping Computer

Hackers use PHP exploit to backdoor Windows systems with new malware

Unknown attackers have deployed a newly discovered backdoor dubbed Msupedge on a university's Windows systems in Taiwan, likely by exploiting a recently patched PHP remote code execution vulnerability ...
Searchenginejournal.com

WordPress Divi Theme Code Injection Vulnerability

Elegant Themes announced that several of their products contained a code injection vulnerability and should be updated right away. The vulnerability allows an untrustworthy user to execute PHP ...
Bleeping Computer

Latest Code Injection news

Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical ...
MyBroadband

Top 10 Web application vulnerabilities

Cenzic, a provider of Web application security vulnerability assessment and risk management solutions, has released their Web Application Security Trends Report – Q1-Q2, 2009. Among the findings of ...
Ars Technica

Hackers backdoor PHP source code after breaching internal git server

A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open ...