August 2, 2020 By Pierluigi Paganini
A critical flaw in the wpDiscuz WordPress plugin could be exploited by remote attackers to execute arbitrary code and take over the hosting account.
Security experts from Wordfence discovered a critical vulnerability impacting the wpDiscuz WordPress plugin that is installed on over 80,000 sites.
Attackers could exploit the vulnerability to upload arbitrary files to servers hosting vulnerable WordPress sites and then execute arbitrary code remotely.
wpDiscuz provides an Ajax real-time comment feature that stores comments in a local database.
Researchers from Wordfence reported the flaw to the wpDiscuz development team on June 19; the issue was fully addressed on July 23 with the release of version 7.0.5.