Date: August 1, 2020
The popular WordPress plugin Comments – wpDiscuz, which is active on over 80,000 pages, has released a patch.
Researchers reported a critical flaw in the plugin. The bug allows unauthenticated attackers to upload arbitrary files (including PHP files) to vulnerable website servers and ultimately achieve remote code execution.
Comments – wpDiscuz allows WordPress websites to add custom comment forms and fields to sites, and is an alternative to services such as Disqus. Wordfence researchers who found the bug alerted the creator of the plugin, gVectors, which published a patch on July 23.
The bug is deemed severe in magnitude with a CVSS score of