The vulnerability impacts the jQuery File Upload plugin authored by prodigious German developer Sebastian Tschan, most commonly known as Blueimp.

Researchers have spotted counterfeit versions of the jQuery Migrate plugin injected on dozens of websites which contains obfuscated code to load malware. These files are named jquery-migrate.js ...

Since public disclosure of a file-upload vulnerability in WordPress Symposium and the availability of proof-of-concept exploit code, scans and exploit attempts are up.

Exploit described in YouTube videos jQuery File Upload has been vulnerable for eight years, since the Apache 2.3.9 release in 2010.

The larger issue is that jQuery File Upload code forks and variations used in production packages – some 7,800 of them, according to Cashdollar – are also vulnerable to file upload and code ...