wpDiscuz WordPress plugin: Critical vulnerability found and patched

A patch has been issued for a severe vulnerability in a WordPress plugin. The plugin, wpDiscuz, was investigated by WordPress security experts at Wordfence. What they found, as described in a research blog post, was a critical arbitrary file upload vulnerability. As Wordfence researchers discovered, the vulnerability was introduced in a recent update, more specifically, the release before the fixed wpDiscuz plugin version (7.0.5). This is far from the first time a critical WordPress vulnerability has been uncovered. wpDiscuz is used to provide an interactive comments section on websites created and maintained with WordPress.

The critical arbitrary file upload vulnerability rates as a 10 (the highest score possible) on the Common Vulnerability Scoring System (CVSS) because it allows remote code execution. A more in-depth description of the wpDiscuz vulnerability, and an example of an actual attack, can be found in the excerpt below from the Wordfence post:

This made it possible for attackers to create any file type and add image identifying features to files to pass the file content verification check. A PHP file attempting to bypass this verification could look something like this in a request:

------WebKitFormBoundaryXPeRFAXCS9qPc2sB
Content-Disposition: form-data; name="wmu_files[0]"; filename="myphpfile.php"
Content-Type: application/php
‰PNG

The file path location was returned as part of the request’s response, allowing a user to easily find the file’s location and access the file it was uploaded to the server. This meant that attackers could upload arbitrary PHP files and then access those files to trigger their execution on the server, achieving remote code execution.
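To show why a content-only check fails on the request in the excerpt, the following added example (not code from wpDiscuz or Wordfence) models a validator that trusts leading image bytes beside one that also requires the file name to agree. All function names and sample bytes are constructed for illustration.

```python
import os

# Leading "magic" bytes for the image types a comment form would accept.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
# Extension allowlist, mapped to the type the content must sniff as.
ALLOWED_EXT = {".png": "png", ".jpg": "jpg", ".jpeg": "jpg", ".gif": "gif"}

def sniff_image_type(data: bytes):
    """Return the image type implied by the leading bytes, or None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def content_only_check(filename: str, data: bytes) -> bool:
    """Weak check: trusts the leading bytes and ignores the file name."""
    return sniff_image_type(data) is not None

def hardened_check(filename: str, data: bytes):
    """Return (accepted, reason); file name and content must both agree."""
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_EXT:
        return False, "extension not in allowlist"
    if sniff_image_type(data) != ALLOWED_EXT[ext]:
        return False, "content does not match extension"
    if b"<?php" in data.lower():
        return False, "PHP open tag in image data"
    return True, "ok"

# Constructed samples: a PNG signature followed by filler or a PHP stub.
PNG_SIG = b"\x89PNG\r\n\x1a\n"
SAMPLES = [
    ("myphpfile.php", PNG_SIG + b"<?php echo 1; ?>"),
    ("avatar.png", PNG_SIG + b"\x00" * 16),
    ("avatar.png", PNG_SIG + b"<?php echo 1; ?>"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, content_only_check(name, data), hardened_check(name, data))
```

Storing accepted files under a server-generated name, in a directory where script execution is disabled, covers cases that a validator like this misses.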

The patch applies, as was previously noted, to the 7.0.5 version of wpDiscuz. Wordfence disclosed the issue to the plugin developer toward the end of June. After a couple of attempts, the issue was fixed in the most current patch. In a comment to various cybersecurity media, wpDiscuz developers stated that you are safe if you use either version 7.0.5 or the most current version of the plugin (7.0.6). Conversely, researchers confirmed that versions 7.0.0 to 7.0.4 are all vulnerable to this flaw.

If you have not patched wpDiscuz already, do so immediately. Now that cybercriminals have in-depth knowledge of the flaw, they will exploit it on unpatched versions of the wpDiscuz plugin.


Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
