Comments – wpDiscuz WordPress Plugin Contains Critical Vulnerability


A critical vulnerability was discovered in the Comments – wpDiscuz WordPress plugin which has been installed on more than 80,000 sites. The vulnerability has already been fixed.

Affected versions of the plugin include versions 7.0.0 – 7.0.4. According to Wordfence researchers, the vulnerability allowed unauthenticated attackers to upload arbitrary files, including PHP files, thus performing remote code execution on the server of the vulnerable site.

After contacting the plugin’s developers, the researchers provided full disclosure details, and a patch was eventually made available. Affected sites should update to version 7.0.5 of the Comments – wpDiscuz plugin to avoid any compromise.

More about the Comments – wpDiscuz Plugin Vulnerability

The vulnerability, described as arbitrary file upload, was introduced in the plugin’s latest major version update, Wordfence says. The flaw has been given a CVSS score of 10, making it highly critical, as it could lead to remote code execution attacks on the server of the affected site. Site owners running any version from 7.0.0 to 7.0.4 should update to the patched version, 7.0.5, as soon as possible.

wpDiscuz, which has been installed on thousands of WordPress sites, is a plugin for responsive comment areas. The plugin is designed to let users discuss topics and customize their comments with the help of a rich text editor. In the latest 7.x.x versions of the plugin, the developers added the ability to include image attachments in comments uploaded to the site. This new feature, however, lacked proper security protections, which created the critical issue.




It should be noted that the wpDiscuz comments are designed with the intention to only allow image attachments. “However, due to the file mime type detection functions that were used, the file type verification could easily be bypassed, allowing unauthenticated users the ability to upload any type of file, including PHP files,” Wordfence explains.
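One way to make an image-only upload rule hold, as an added example (not code from wpDiscuz, Wordfence or WordPress; `accept_comment_image` and `ALLOWED_IMAGES` are hypothetical names, and PHP's bundled fileinfo extension is assumed): the file's extension, its sniffed content type and an image parse must all agree before it is stored under a server-chosen name.

```php
<?php
// Added example; function and constant names are hypothetical, not wpDiscuz or WordPress code.

// Allowlist: file extension => MIME type the content must resolve to.
const ALLOWED_IMAGES = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
];

/**
 * Return a server-chosen storage name for an accepted image, or null to reject.
 * $clientName is the untrusted name sent by the browser, $tmpPath the uploaded temp file.
 */
function accept_comment_image(string $clientName, string $tmpPath): ?string
{
    // 1. The final extension decides how the web server treats the stored file,
    //    so it must be on the allowlist whatever the content looks like.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGES[$ext])) {
        return null;
    }
    // 2. The type sniffed from the content must match that extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED_IMAGES[$ext]) {
        return null;
    }
    // 3. The file must also parse as an image with real dimensions.
    $size = @getimagesize($tmpPath);
    if ($size === false || $size[0] < 1 || $size[1] < 1) {
        return null;
    }
    // 4. Store under a random name; nothing from the client name survives except
    //    the allowlisted extension (so "a.php.gif" cannot keep its ".php" part).
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: a minimal 1x1 GIF header and a plain-text file.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a" . pack('v2', 1, 1) . "\x00\x00\x00;");
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "just some text\n");

foreach ([['photo.gif', $gif], ['photo.php', $gif], ['photo.GIF.php', $gif], ['notes.gif', $txt]] as [$name, $path]) {
    $stored = accept_comment_image($name, $path);
    printf("%-14s => %s\n", $name, $stored ?? 'rejected');
}
unlink($gif);
unlink($txt);
```

Serving the upload directory with script execution disabled is a separate web-server control that backs this check up if a validation step is ever bypassed.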

Earlier this month, the same team of security researchers reported a vulnerability in another WordPress plugin. The KingComposer WordPress plugin was found to contain several vulnerabilities that could lead to access control over compromised sites. The plugin has been installed on more than 100,000 sites. The researchers discovered an unpatched reflected cross-site scripting (XSS) flaw in the KingComposer plugin, identified as CVE-2020-15299.

3 Comments

  1. Tom

    All is fixed!
    The problem is 100% fixed and wpDiscuz is safe.
    You can ignore this if you’ve already updated to 7.0.5 or a higher version (current version is 7.0.6).
    This was fixed and the new version 7.0.5 was released a week ago. There are not any issues with the current wpDiscuz version. It’s 100% secure now.
    This kind of issue happens with almost all WordPress plugins, so there is no reason to worry if you’ve updated and are up to date.
    Just keep updating your plugins and make sure you’re using the latest versions.

    Thank you!
    wpDiscuz Developers

  2. Tom

    And some numbers…
    About 50% of wpDiscuz users are currently using 7.x.x versions. It’s about 35,000 websites.
    30,000 of them have already updated to secure 7.0.5 and higher versions during the last week. And about 3,000 websites are updating every day.
    So in one or two days there almost certainly won’t be any website with old unsecure 7.0.0 – 7.0.4 versions and almost all websites will be up to date and safe.

  3. HTH_Editors (Post author)

    Hi there,

    Thank you for stopping by! We hope that all users of the plugin have already updated it, and no one is at risk. Like you said: Just keep updating your plugins and make sure you’re using the latest versions.

    Thanks,
    HowToHosting.guide’s team
