Researchers have spotted counterfeit versions of the jQuery Migrate plugin injected on dozens of websites which contains obfuscated code to load malware. These files are named jquery-migrate.js ...

The vulnerability impacts the jQuery File Upload plugin authored by prodigious German developer Sebastian Tschan, most commonly known as Blueimp.

Since public disclosure of a file-upload vulnerability in WordPress Symposium and the availability of proof-of-concept exploit code, scans and exploit attempts are up.

The larger issue is that jQuery File Upload code forks and variations used in production packages – some 7,800 of them, according to Cashdollar – are also vulnerable to file upload and code ...

Exploit described in YouTube videos jQuery File Upload has been vulnerable for eight years, since the Apache 2.3.9 release in 2010.