WordPress plugin vulnerability exposes 80,000 sites to remote takeover

Jessica Haworth

29 July 2020 at 11:19 UTC

Updated: 29 July 2020 at 11:20 UTC

Critical bug in wpDiscuz add-on has now been patched

A critical vulnerability in a WordPress plugin with more than 80,000 active installations allowed unauthenticated attackers to take full control of a target website.

The security flaw, present in wpDiscuz comment plugin, enabled attackers to upload arbitrary files in order to achieve remote code execution (RCE) on a vulnerable site’s backend server.

The wpDiscuz…

More Info

About mblog.my

Check Also

The WordPress.org Block Pattern Directory Is Now Live – WP Tavern

Yesterday, the WordPress pattern directory went live to the world as the development team behind …

Leave a Reply

Your email address will not be published. Required fields are marked *