Critical WordPress plugin bug lets hackers take over hosting account

Hackers can exploit a maximum severity vulnerability in the wpDiscuz plugin installed on over 70,000 WordPress sites to execute code remotely after uploading arbitrary files on servers hosting vulnerable sites.

wpDiscuz is a WordPress plugin marketed as an alternative to Disqus and Jetpack Comments that provides an Ajax real-time comment system that will store comments within a local database.

The plugin comes with support for multiple comment layouts, inline commenting and feedback, as well as a post rating system and multi-level (nested) comment threads.

Arbitrary file upload bug…


More Info

About mblog.my

Check Also

Simple steps to stay safe

If your website gets hacked, it’s a big black mark on the reputation of your …

Leave a Reply

Your email address will not be published. Required fields are marked *