PHP code execution
-
Composer fixes two high-severity flaws that could allow command execution
Composer has fixed two high-severity command injection flaws that could allow arbitrary command execution through malicious Perforce data. The issues affect multiple releases of the PHP package manager and were addressed in versions 2.9.6 and 2.2.27.
-
Critical command injection flaw found in W3 Total Cache WordPress plugin
A critical unauthenticated command injection in the W3 Total Cache WordPress plugin (CVE-2025-9501) can allow PHP code execution via a malicious comment. The developer issued a patch in version 2.8.13 on Oct. 20, but hundreds of thousands of sites may still be unpatched; WPScan plans to publish a proof-of-concept on Nov. 24.


