WordPress plugin vulnerability exposes 80,000 sites to remote takeover


Jessica Haworth

29 July 2020 at 11:19 UTC

Updated: 29 July 2020 at 11:20 UTC

Critical bug in wpDiscuz add-on has now been patched

A critical vulnerability in a WordPress plugin with more than 80,000 active installations allowed unauthenticated attackers to take full control of a target website.

The security flaw, present in wpDiscuz comment plugin, enabled attackers to upload arbitrary files in order to achieve remote code execution (RCE) on a vulnerable site’s backend server.

The wpDiscuz…


More Info

About mblog.my

Check Also

A Non-Technical Release Lead’s Journey to Becoming a Mentor for WordPress Core Development – WordPress Tavern

In the summer of 2019, I was asked to help out with a WordPress release. …

Leave a Reply

Your email address will not be published. Required fields are marked *