Thousands of websites at risk from critical WordPress plugin vulnerability
A critical vulnerability in a third-party plugin installed on more than 70,000 WordPress websites could allow attackers to execute malicious code remotely.
Wordfence (security firm)
The flaw was discovered by researchers at security firm Wordfence. It is present in the WordPress plugin wpDiscuz (versions 7.0.0 to 7.0.4), which administrators use to add a comments section to their websites.
The bug could reportedly allow attackers to execute code remotely on a vulnerable website's server, take control of the hosting account, and inject malicious code into other sites hosted under the same account.
WordPress plugin vulnerability
As per Wordfence:
The vulnerability first surfaced in wpDiscuz version 7.0.0, which introduced a feature that lets users attach images to comments. Although the feature was intended to allow image uploads only, the file type verification could easily be circumvented, allowing attackers to upload any file of their choosing and sow the seeds of an account takeover. This flaw gives unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server.
Attention
If exploited, this vulnerability could allow an attacker to traverse your hosting account to further infect any sites hosted in the account with malicious code. This would effectively give the attacker complete control over every site on your server.
Wordfence first informed wpDiscuz developers of the vulnerability on June 19. After a failed attempt to resolve the issue with version 7.0.4, a full patch was released on July 23 with version 7.0.5.
The update has been downloaded around 25,000 times since it was published, which by the article's count leaves roughly 55,000 WordPress websites at risk; install and download counts are only rough proxies for how many sites are actually patched. To guard against attack, users of wpDiscuz are advised to update to the latest version immediately and confirm that the version shown on the Plugins page is 7.0.5 or later.