Security Advisory 2020-038

Release Date:

Critical Wordpress Plugin Vulnerability



  • 29/07/2020 --- v1.0 -- Initial publication


On 19th of June, Wordfence Threat Intelligence team discovered a vulnerability that affects Wordpress plugin Comments – wpDiscuz [1]. This flaw gives unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server [1]. According to Wordfence, the security flaw is rated as critical severity with a CVSS base score of 10.0 [2].

Technical Details

Comments - wpDiscuz is a realtime comment system with custom comment form and fields. It is designed to supercharge WordPress native comments [3].

The wpDiscuz comments are intended to only allow image attachments [1]. However, due to the file MIME type detection functions that were used, the file type verification could easily be bypassed, allowing unauthenticated users the ability to upload any type of file, including PHP files [1]. Once uploaded to a vulnerable site's hosting server, attackers would get the file path location with the request's response making it easy to trigger file execution on the server and achieving remote code execution (RCE) [2].

Products Affected

The issue affects Wordpress plugin Comments – wpDiscuz, versions 7.0.0 - 7.0.4 [1].


The vulnerability was patched with the release of version 7.0.5 [1, 3].

CERT-EU recommends to update the vulnerable application as soon as possible.





We got cookies

We only use cookies that are necessary for the technical functioning of our website. Find out more on here.