The shopping cart application contains a PHP object-injection bug. A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers ...

A critical severity vulnerability was discovered and patched in the Better Search Replace plugin for WordPress which has over 1 million active website installs. Successful attacks could lead to ...

An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites. Newsletter, a WordPress plugin with more than 300,000 installations, has a pair ...

Additionally, the PHP Object Injection flaw "could be used to inject a PHP object that might be processed by code from another plugin or theme and used to execute arbitrary code, upload files, or any ...

A WordPress vulnerability rated as critical has been patched. Although the exploit is labeled as critical, one security researcher states that the likelihood of the vulnerability being exploited is ...

More than a hundred thousand WordPress websites are reportedly vulnerable to an exploit which allows threat actors to run malicious code remotely and completely unauthenticated, as well as being able ...

Details have been published online last week about a vulnerability in older versions of the Joomla content management system (CMS), a popular web-based application for building and managing websites.

Hackers have exploited three zero-days to install backdoors on WordPress sites, according to a security alert published minutes ago by WordPress security firm Wordfence. The zero-days affect three ...

Magecart hackers are exploiting a long list of zero-day vulnerabilities in popular store extension software to inject the digital skimming code into targeted e-commerce sites, according to new ...

Hackers are (ab)using unpatched zero-day vulnerabilities in approximately 20 Magento extensions to plant payment card skimmers on online stores, according to Dutch security expert Willem de Groot. The ...