Security Links

CVE-2025-0855 [CRITICAL] :

The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Binarly REsearch, Blog

blog
advisory
reverse-engineering

The Binarly REsearch team leads the industry in firmware vulnerability disclosure and advisories. Binarly is the world's most advanced automated firmware supply chain security platform. Using cutting-edge machine-learning techniques, Binarly identifies both known and unknown vulnerabilities, misconfigurations, and malicious code in firmware and hardware components.

Visit Website