Critical Security Flaw in WordPress Plugin Allows RCE


Author: ZoneWP

Date: August 1, 2020 

Category: Plugin development, SEO, Security, Tips and tricks, Tutorials, Webhosting

The popular WordPress plugin Comments – wpDiscuz, which is active on over 80,000 pages, has released a patch.

Researchers reported a critical flaw in the plugin. The bug allows unauthenticated attackers to upload arbitrary files (including PHP files) to vulnerable website servers and ultimately achieve remote code execution.

Comments – wpDiscuz allows WordPress websites to add custom comment forms and fields to sites, and is an alternative to services such as Disqus. Wordfence researchers who found the bug alerted the creator of the plugin, gVectors, which published a patch on July 23.

The bug is deemed severe in magnitude with a CVSS score of

This is the first part of the original article by ZoneWP.

