Critical WordPress plugin bug lets hackers take over hosting account

Hackers can exploit a maximum severity vulnerability in the wpDiscuz plugin installed on over 70,000 WordPress sites to execute code remotely after uploading arbitrary files on servers hosting vulnerable sites.

wpDiscuz is a WordPress plugin marketed as an alternative to Disqus and Jetpack Comments that provides an Ajax real-time comment system that will store comments within a local database.

The plugin comes with support for multiple comment layouts, inline commenting and feedback, as well as a post rating system and multi-level (nested) comment threads.

Arbitrary file upload bug…


More Info

About mblog.my

Check Also

The WordPress.org Block Pattern Directory Is Now Live – WP Tavern

Yesterday, the WordPress pattern directory went live to the world as the development team behind …

Leave a Reply

Your email address will not be published. Required fields are marked *