Bleeping Computer

W3 Total Cache WordPress plugin vulnerable to PHP command injection

A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. The vulnerability, tracked as ...
Bleeping Computer

Critical PHP RCE vulnerability mass exploited in new attacks

Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. Tracked as CVE-2024-4577, this PHP-CGI ...
Ars Technica

Nasty bug with very simple exploit hits PHP just in time for the weekend

A critical vulnerability in the PHP programming language can be trivially exploited to execute malicious code on Windows devices, security researchers warned as they urged those affected to take ...