Another worrying WordPress plugin security flaw could put 250,000 websites at risk

Ally was carrying an SQL injection flaw that allowed data exfiltration.

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk

A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data ...

'LeakyLooker' flaws let hackers gain access to user information in Google Looker Studio

Nine bugs were found in Google's Looker Studio which could have allowed outside access.
Threat Post

Magento Patches Critical SQL Injection and RCE Vulnerabilities

Magento patched 37 flaws Thursday, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site. Magento patched 37 vulnerabilities on Thursday, ...
Searchenginejournal.com

Vulnerability In Fluent Forms Contact Form WordPress Plugin

Fluent Forms Contact Form Builder is one of the most popular contact forms for WordPress, with over 300,000 installations. Its drag-and-drop interface makes creating custom contact forms easy so that ...
Threat Post

SAP Patches 12 SQL Injection, XSS Vulnerabilities in HANA

SAP patched a dozen holes in its in-memory management system HANA that could have led to SQL injections, cross-site scripting (XSS) errors, and memory corruption vulnerabilities. SAP patched a dozen ...
Computerworld

Ruby on Rails patches tackle SQL injection vulnerabilities

Two SQL injection vulnerabilities were patched in Ruby on Rails, a popular open-source Web development framework used by some high-profile websites. The Rails developers released versions 3.2.19, ...