A flaw in two WordPress plugins allowed malicious comments to run PHP code on sites.

Elegant Themes announced that several of their products contained a code injection vulnerability and should be updated right away. The vulnerability allows an untrustworthy user to execute PHP ...

Security vendor Wordfence has revealed a new PHP code injection vulnerability with a CVSS score of 9.8, which could enable remote code execution (CVE-2023-6553). The impacted plugin, Backup Migration, ...

In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository ...

A new process injection technique named 'Mockingjay' could allow threat actors to bypass EDR (Endpoint Detection and Response) and other security products to stealthily execute malicious code on ...

The majority of the remaining vulnerabilities are marked as "moderately critical ". Among other things, PHP code injection can occur at these points, allowing attackers to execute their own code.

A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the ...