ZDNet

Many CMS plugins are disabling TLS certificate validation... and that's very bad

An absurd number of CMS plugins and PHP libraries are disabling SSL/TLS certificate validation on purpose, and by doing so, they're putting millions of internet users at great risk. To make matters ...
The Droid Guy

How to Identify Which WordPress Plugin or Theme Is Blocking Your PHP Update and Preventing a Smooth Upgrade

If you’ve logged into your WordPress dashboard and seen the warning that your site is running on PHP 7.4.33, you’re not alone. This outdated version no longer receives security updates, which makes ...
Bleeping Computer

WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection

The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. Gravity Forms is a custom form builder website owners use ...
Bleeping Computer

Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...
TechRadar

This old WordPress plugin is being used to hack compromised websites

Update: The WordPress Plugin Team has confirmed to TechRadar Pro that the Eval PHP plugin has been closed, citing concerns over its usage on compromised sites, its age, and the number of active ...