The shopping cart application contains a PHP object-injection bug. A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers ...

Critical remote code execution (RCE) vulnerabilities in a popular WordPress plugin have been made public. The RCE bugs impact PHP Everywhere, a utility for web developers to be able to use PHP code in ...

In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository ...

Elegant Themes announced that several of their products contained a code injection vulnerability and should be updated right away. The vulnerability allows an untrustworthy user to execute PHP ...

Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability.