WordPress plugin vulnerability exposes 80,000 sites to remote takeover

Jessica Haworth

29 July 2020 at 11:19 UTC

Updated: 29 July 2020 at 11:20 UTC

Critical bug in wpDiscuz add-on has now been patched

A critical vulnerability in a WordPress plugin with more than 80,000 active installations allowed unauthenticated attackers to take full control of a target website.

The security flaw, present in wpDiscuz comment plugin, enabled attackers to upload arbitrary files in order to achieve remote code execution (RCE) on a vulnerable site’s backend server.

The wpDiscuz…

More Info

About mblog.my

Check Also

New Prototype Runs WordPress in the Browser with No PHP Server – WP Tavern

Automattic-sponsored core contributor Adam Zielinski published a demo today of WordPress running in the browser …

Leave a Reply

Your email address will not be published. Required fields are marked *