Patch this WordPress plugin now, thousands of users exposed

A critical vulnerability has been identified in a WordPress plugin installed on more than 80,000 websites. Discovered by researchers from security firm Wordfence, the bug is present in the WordPress wpDiscuz plugin (versions 7.0.0 to 7.0.4), used by administrators to insert a comment section on their websites. The bug could allow hackers to remotely execute code on a vulnerable website's servers, take control of the hosting account, and inject malicious code on other sites run by the same entity. As such, it has been given a maximum severity score of 10/10 based on the Common Vulnerability Scoring System (CVSS).

WordPress plugin vulnerability

The WordPress plugin vulnerability first appeared with wpDiscuz version 7.0.0, which introduced a feature that allows users to attach images to comments. Although the feature was designed to allow only image uploads, the file type verification process can be easily bypassed, allowing hackers to upload any file of their choice and pave the way for taking control of the account.

"This flaw gives unauthenticated attackers the ability to upload arbitrary files, including PHP files, and remotely execute code on a vulnerable site's server," Wordfence explained in a blog post. "If exploited, this vulnerability could allow an attacker to break into your hosting account to further infect sites hosted on the account with malicious code. This would effectively give the attacker complete control over every site on your server."

Wordfence first informed the wpDiscuz developers of the vulnerability on June 19. After a failed attempt to resolve the issue with version 7.0.4, a full patch was released on July 23 with version 7.0.5. The update has been downloaded around 25,000 times since its release, which means around 55,000 WordPress websites are still at risk.

To protect against attacks, wpDiscuz plugin users are advised to install the latest version immediately.
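The bug class described above is a file-type check on an image upload that can be bypassed. As an added example, not code from wpDiscuz or Wordfence, this is the kind of hardened validation an upload handler should apply, written in Python for clarity (the same checks translate directly to a plugin's PHP); the file names and byte strings are constructed samples, and the `validate_upload` / `detect_image_type` names are this example's own.

```python
import os
import secrets

# Allowlist: extension the file will be STORED under -> magic bytes its
# content must begin with. Anything else (.php, .phtml, .html ...) is rejected.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXT_ALIASES = {"jpeg": "jpg"}


def detect_image_type(data: bytes):
    """Return the allowlisted type whose magic bytes match the content, else None."""
    for ext, magics in ALLOWED_TYPES.items():
        if any(data.startswith(m) for m in magics):
            return ext
    return None


def validate_upload(client_filename: str, data: bytes) -> str:
    """Validate an uploaded 'image' and return the server-side name to store it
    under. Raises ValueError for anything that is not a plain image. Neither the
    client file name nor the client-supplied MIME header is trusted."""
    # 1. Extension check on the client name: only allowlisted image extensions.
    base = os.path.basename(client_filename).lower()
    if "." not in base:
        raise ValueError("missing extension")
    claimed = EXT_ALIASES.get(base.rsplit(".", 1)[1], base.rsplit(".", 1)[1])
    if claimed not in ALLOWED_TYPES:
        raise ValueError(f"extension not allowed: .{claimed}")
    # 2. Content check: the bytes must really be an image of the claimed type,
    #    so 'shell.png' whose content is PHP source is rejected here.
    detected = detect_image_type(data)
    if detected != claimed:
        raise ValueError("content does not match claimed image type")
    # 3. Defence in depth against polyglots (valid image header + PHP tags).
    #    Heuristic only; the real guarantee is step 4 plus a web server that
    #    never executes files from the upload directory.
    if b"<?php" in data or b"<?=" in data:
        raise ValueError("embedded PHP marker in image data")
    # 4. Store under a random, server-chosen name with the DETECTED extension;
    #    the client name is discarded entirely (no traversal, no 'x.php.png').
    return f"{secrets.token_hex(16)}.{detected}"


def is_rejected(client_filename: str, data: bytes) -> bool:
    """True if validate_upload refuses the upload (helper for checks)."""
    try:
        validate_upload(client_filename, data)
    except ValueError:
        return True
    return False


# Constructed sample inputs (header bytes only, not real images).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_PHP = b"<?php echo 'not an image'; ?>"
```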