fbpx

Critical Arbitrary File Upload Vulnerability Patched in wpDiscuz Plugin

On June 19th, our Threat Intelligence team discovered a vulnerability present in Comments – wpDiscuz, a WordPress plugin installed on over 80,000 sites. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server.

We initially reached out to the plugin’s developer on June 18, 2020, and after establishing an appropriate communication channel, we provided the full disclosure details on June 19, 2020. The developers responded on June 20, 2020 to let us know a patch would be coming in version 7.0.4. After several follow-ups, an initial

This post was originally published on this site

GET UP TO $500K IN BUSINESS FUNDING

Pin It on Pinterest

Share This
Xiphos Web Marketing

FREE
VIEW