jproxx

Posts on the topic: PHP

Security

Security Bulletin for 4 July 2026: Privilege Escalation in HestiaCP, Heap Overflow in PHP Core, Stored Cross-Site Scripting in Ultimate Member and PII Tampering in LatePoint

Daily security roundup: a privilege escalation leading to server takeover in the HestiaCP control panel, a heap overflow in PHP core, stored cross-site scripting in Ultimate Member and unauthenticated tampering with customer data in LatePoint.

Security

Security Bulletin for 25 June 2026: CRLF Injection in the Laravel Framework and a Critical Account Takeover in the Kirki WordPress Plugin

Daily security overview: a CRLF injection in the Laravel PHP framework and a critical, unauthenticated account takeover in the Kirki WordPress plugin.

Security

Security Advisory: Two Vulnerabilities in the Guzzle PHP HTTP Client (CVE-2026-55568 and CVE-2026-55767) — Relevant Because of Its Spread Across PHP Libraries

Two vulnerabilities in the widely used Guzzle PHP HTTP client: unencrypted proxy traffic and a CookieJar flaw. Both are fixed in version 7.12.1.

Security

Security Bulletin for 22 June 2026: Privilege Escalation in Vitepos, a Critical Flaw in PhpSpreadsheet, and Cross-Site Scripting in WooCommerce Auction Pro

Daily security overview for WordPress, e-commerce and PHP: privilege escalation in Vitepos, a flaw in PhpSpreadsheet, and XSS in WooCommerce Auction Pro.
