wpDiscuz WordPress Plugin Puts Thousands of Websites at Risk

A security flaw in the wpDiscuz WordPress plugin can allow attackers to upload malicious code to any website that has the plugin installed.

The vulnerability was identified by researchers at Wordfence, who confirmed that it lets an attacker upload arbitrary files to a site running the plugin and then execute PHP code on that site.

wpDiscuz is an alternative commenting system for WordPress, similar to Jetpack Comments, Disqus, or other popular commenting plugins.

Wordfence reported the flaw to the wpDiscuz developers, who released an update a few days later and stated that the issue was fixed. Wordfence then found the same issue in that latest update and reported that the patch did not fully resolve the flaw.

The issue affects version 7 of the plugin, in the feature that lets commenters attach images to their comments. The upload check cannot reliably tell an image from a file carrying executable code, so a file that is not an image can be accepted and stored where the web server will serve, or execute, it.
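As an added illustration (this is not wpDiscuz's own code and not a reconstruction of its patch), the following standalone PHP contrasts an upload check that decides from the file's bytes alone and keeps the client-supplied file name with one that also enforces an extension allowlist, rejects double extensions, requires the sniffed MIME type to agree with the extension, and regenerates the stored name server-side. The function names, the allowlist and the sample uploads are constructed for this example; it models one plausible way an "is it an image?" check can let a non-image file name through, and the page does not say which check wpDiscuz actually performed.

```php
<?php
// Added illustration, not wpDiscuz code: a content-sniffing-only upload check
// next to a hardened one. Runs from the CLI with the constructed samples below.
declare(strict_types=1);

// Assumed allowlist: extension => the MIME type libmagic reports for it.
const ALLOWED = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
];

// Vulnerable pattern: decide "is it an image?" from the bytes only and keep
// the client-supplied name. A file that starts with a GIF header but is named
// shell.php passes, and if it lands under the web root PHP will execute it.
function weak_check(string $name, string $bytes): bool
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->buffer($bytes);
    return in_array($mime, ALLOWED, true);
}

// Hardened pattern: the extension must be on the allowlist, must be the only
// extension (no shell.php.png), must match the sniffed MIME type, and the
// name written to disk is generated server-side, never taken from the client.
function strong_check(string $name, string $bytes, ?string &$stored = null): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return false;
    }
    // Reject "a.php.png": some Apache AddHandler/mod_mime setups treat a
    // ".php" anywhere in the name as a PHP handler match.
    if (substr_count(basename($name), '.') !== 1) {
        return false;
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->buffer($bytes) !== ALLOWED[$ext]) {
        return false;
    }
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    return true;
}

// Constructed samples: a real PNG signature, and a PHP payload behind a GIF
// magic prefix ("GIF89a") under several file names.
$samples = [
    'photo.png'     => "\x89PNG\r\n\x1a\n" . str_repeat("\0", 16),
    'shell.php'     => "GIF89a<?php system(\$_GET['c']); ?>",
    'shell.php.png' => "GIF89a<?php system(\$_GET['c']); ?>",
    'shell.png'     => "<?php system(\$_GET['c']); ?>",
];

foreach ($samples as $name => $bytes) {
    $stored = null;
    $strong = strong_check($name, $bytes, $stored);
    printf("%-15s weak=%-6s strong=%-6s stored_as=%s\n",
        $name,
        weak_check($name, $bytes) ? 'accept' : 'reject',
        $strong ? 'accept' : 'reject',
        $strong ? $stored : '-');
}
```

Run with `php upload_check.php`: the weak check accepts shell.php and shell.php.png because libmagic sees a GIF header, while the strong check accepts only photo.png and stores it under a random name. Either check can still be bypassed by a future parser quirk, so the defence in depth that makes such a bypass non-exploitable is to keep the upload directory outside the web root or serve it with PHP execution disabled.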

Until a complete fix is available, site owners using wpDiscuz should consider disabling or removing the plugin if a patch does not arrive within 24 hours. Leaving a vulnerable version in place allows an attacker to compromise the site, and potentially other sites sharing the same host. Check the installed plugin version on the Plugins page, and review the WordPress uploads directory for files that are not images.


One Comment

  1. All is fixed!
    The problem is 100% fixed and wpDiscuz is safe.
    You can ignore this if you’ve already updated to 7.0.5 or a higher version (the current version is 7.0.6).

    This was fixed and the new version 7.0.5 was released a week before the security issue was publicly reported. There are not any issues with the current wpDiscuz version. It’s 100% secure now.

    This kind of issue happens with almost all WordPress plugins, so there is no reason to worry if you’ve updated and are up to date. Just keep updating your plugins and make sure you’re using the latest versions.

    About 50% of wpDiscuz users are currently using 7.x.x versions. That’s about 35,000 websites. 30,000 of them have already updated to the secure 7.0.5 and higher versions during the last week. And about 3,000 websites are updating every day.

    So in one or two days there almost certainly won’t be any website with the old, insecure 7.0.0 – 7.0.4 versions, and almost all websites will be up to date and safe.

    Thank you!
    wpDiscuz Developers