Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors.

The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection.

Using PHP within a WordPress Plugin To create a text file from within a custom WordPress plugin, you can use PHP's file handling functions. Here is an example of how to do this: ...

But here’s the frustrating part—sometimes when you try to update PHP, your site crashes, and you’re left scrambling to figure out which plugin or theme caused the problem.

The plugin is used on over 30,000 websites. According to the WordFence Threat Intelligence team, the three vulnerabilities in PHP Everywhere all lead to remote code execution in versions of the ...