Bleeping Computer

WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection

The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. Gravity Forms is a custom form builder website owners use ...
Threat Post

Post Grid WordPress Plugin Flaws Allow Site Takeovers

Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs. Two high-severity vulnerabilities in Post Grid, a WordPress plugin ...
Searchenginejournal.com

Better Search Replace WordPress Vulnerability Affects Up To +1 Million Sites

A critical severity vulnerability was discovered and patched in the Better Search Replace plugin for WordPress which has over 1 million active website installs. Successful attacks could lead to ...
Bleeping Computer

WordPress fixes POP chain exposing websites to RCE attacks

WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.