The larger issue is that jQuery File Upload code forks and variations used in production packages – some 7,800 of them, according to Cashdollar – are also vulnerable to file upload and code ...

Credit card skimmers are now being buried in image file metadata on e-commerce websites Magecart attackers are suspected of using an interesting technique to steal your financial data.

The bug affects the widely used jQuery File Upload widget and allowed an attacker to upload arbitrary files on web servers, including command shells for sending out commands.