Bleeping Computer

PHP Everywhere RCE flaws threaten thousands of WordPress sites

Researchers found three critical remote code execution (RCE) vulnerabilities in the 'PHP Everywhere' plugin for WordPress, used by over 30,000 websites worldwide. PHP Everywhere is a plugin that ...
Searchenginejournal.com

WordPress Proposes Plan for 61% of WP Sites Using Outdated PHP

PHP is the underlying scripting language that WordPress runs on. The most current version is PHP 7.3.7. PHP is continually updated to make it more efficient and to patch security issues. Except ...
Threat Post

Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution

The issue impacts several content management systems, including Typo3 and WordPress, as well as widely-used PDF generation library TCPDF. Researchers have created a proof-of-concept exploit that would ...
Threat Post

PHP Applications, WordPress Subject to Ghost glibc Vulnerability

Researchers at Sucuri revealed that applications such as WordPress that support PHP could also be subject to the Ghost vulnerability in glibc. Less than 48 hours after the disclosure of the Ghost ...
Bleeping Computer

Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...