WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch.
Researchers are warning of a critical vulnerability in a WordPress plugin called Comments – wpDiscuz, which is installed on more than 70,000 websites. The flaw gives unauthenticated attackers the ability to upload arbitrary files (including PHP files) and ultimately execute remote code on vulnerable website servers.
Comments – wpDiscuz enables WordPress websites to add custom comment forms and fields to sites, and serves as an alternative to services like Disqus. Researchers with…