Searchenginejournal.com

WordPress 5.7.2 Patches a Critical Vulnerability

A WordPress vulnerability rated as critical has been patched. Although the exploit is labeled as critical, one security researcher states that the likelihood of the vulnerability being exploited is ...
Bleeping Computer

WordPress 5.8.3 security update fixes SQL injection, XSS flaws

The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance. The set includes an SQL ...
Searchenginejournal.com

WordPress Anti-Spam Plugin Vulnerability Affects Up To 60,000+ Sites

A WordPress anti-spam plugin with over 60,000 installations patched a PHP Object injection vulnerability that arose from improper sanitization of inputs, subsequently allowing base64 encoded user ...
マイナビニュース

脆弱性の情報

脆弱性の情報(CVE)は次のとおり。 CVE-2025-0912- 寄付フォームにPHPオブジェクトインジェクションの脆弱性。認証されていない攻撃者は任意のPHPオブジェクトを挿入できる可能性がある。また、POPチェーンが存在する場合は、リモートコード実行(RCE)できる可能 ...
Bleeping Computer

Latest Object Injection news

WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.