CERT-In Vulnerability Note
CIVN-2020-0304
Arbitrary File Upload Vulnerability in wpDiscuz plugin of WordPress
Original Issue Date: July 29, 2020
Severity Rating: HIGH
Software Affected
- wpdiscuz plugin version 7.0.0 to 7.0.4
Overview
A vulnerability has been reported in the wpDiscuz plugin for WordPress which could allow a remote attacker to execute arbitrary code on a targeted system.
Description
This vulnerability exists in the wpDiscuz plugin for WordPress due to improper checking of the file being uploaded. A remote unauthenticated attacker could exploit this vulnerability by uploading a specially crafted file to the server.
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on a targeted system.
Solution
Apply appropriate fixes as issued by the vendor at the following link:
https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/
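A defender-side check for the affected range listed above, added here as an example (not part of the CERT-In note or any vendor code): it reads the plugin's Version header and lists files under the uploads tree that carry a server-executable extension. The plugin directory name wpdiscuz, the wp-content paths, the extension list and the sample tree built in demo() are assumptions or constructed data.

```python
import re
import tempfile
from pathlib import Path

# Affected range taken from the advisory: 7.0.0 to 7.0.4 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (7, 0, 0), (7, 0, 4)
# Extensions commonly mapped to the PHP handler (assumption; match your server config).
EXEC_EXT = {".php", ".phtml", ".phar", ".php5", ".php7"}
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.I | re.M)

def plugin_version(plugin_dir):
    """Return the 'Version:' header from a top-level plugin file as a tuple, or None."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top of the file
        m = VERSION_RE.search(head)
        if m:
            return tuple(int(p) for p in m.group(1).split("."))
    return None

def is_affected(version):
    """True when the version falls inside the advisory's affected range."""
    if version is None:
        return False
    v = version + (0,) * (3 - len(version))  # pad "7.0" to (7, 0, 0)
    return AFFECTED_MIN <= v <= AFFECTED_MAX

def executable_uploads(uploads_dir):
    """List uploads with an executable extension anywhere in the name (e.g. x.php.png)."""
    return sorted(
        p.relative_to(uploads_dir).as_posix()
        for p in Path(uploads_dir).rglob("*")
        if p.is_file() and any(s.lower() in EXEC_EXT for s in p.suffixes)
    )

def demo():
    """Build a constructed sample tree; every file name and content here is made up."""
    root = Path(tempfile.mkdtemp())
    plug = root / "wp-content/plugins/wpdiscuz"  # assumed plugin directory name
    ups = root / "wp-content/uploads/2020/07"
    plug.mkdir(parents=True)
    ups.mkdir(parents=True)
    (plug / "main.php").write_text("<?php\n/*\n * Plugin Name: wpDiscuz\n * Version: 7.0.3\n */\n")
    (ups / "photo.jpg").write_bytes(b"\xff\xd8\xff")
    (ups / "avatar.php").write_text("<?php // constructed placeholder\n")
    (ups / "pic.php.png").write_bytes(b"\x89PNG")
    v = plugin_version(plug)
    return v, is_affected(v), executable_uploads(root / "wp-content/uploads")

if __name__ == "__main__":
    print(demo())
```

Any file the sweep reports should be reviewed before removal, since some sites legitimately keep placeholder index.php files in upload directories.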
Vendor Information
Wordfence
https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/
References
Wordfence
https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India