WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload.

A pair of popular WordPress plugins used to help sites cache content have fixed serious vulnerabilities that attackers could exploit simply by including special HTML code in a comment. Both WP Super ...

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites. Known as Backup Migration, ...

A critical unauthenticated remote control execution (RCE) bug in a backup plug-in that's been downloaded more than 90,000 times exposes vulnerable WordPress sites to takeover — another example of the ...

Security researchers have warned users of a popular WordPress plugin that they need to patch urgently or risk their site being remotely hijacked. Security vendor Wordfence has revealed a new PHP code ...

Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention. According to Mark Painter from the HP ...

A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open ...

Cenzic, a provider of Web application security vulnerability assessment and risk management solutions, has released their Web Application Security Trends Report – Q1-Q2, 2009. Among the findings of ...

Poor input validation makes previous versions of Drupal vulnerable. If the conditions are right, attackers can execute malicious code in the victim's web browser via compromised websites created with ...