Critical WordPress plugin bug lets hackers take over hosting account

Hackers can exploit a maximum-severity vulnerability in the wpDiscuz plugin, installed on over 70,000 WordPress sites, to execute code remotely after uploading arbitrary files to the servers hosting vulnerable sites.

wpDiscuz is a WordPress plugin marketed as an alternative to Disqus and Jetpack Comments. It provides an Ajax real-time comment system and stores comments in a local database.

The plugin comes with support for multiple comment layouts, inline commenting and feedback, as well as a post rating system and multi-level (nested) comment threads.

Arbitrary file upload bug…

