The PHP Object Injection Odyssey

The past few months we have noticed a trend of new and increasing PHP Object Injection attacks targeting WordPress sites. In a few cases in the last months our standard incident response process was identifying sites were had just cleaned were getting…
Read The Story

How to Address Object Injection Vulnerabilities in PHP

I have been discussing the risks related to PHP Object Injection or insecure usage of unserialize() and how this insecure coding practice is unfortunately very prevalent in the WordPress plugin ecosystem. This post is for plugin (and really any PHP) developers for…
Read The Story

Latest Posts