The WordPress plugin Comments wpDiscuz, which is installed on over 70,000 sites, has issued a patch. The flaw it fixes gives unauthenticated attackers the ability to upload arbitrary files (including PHP files) and ultimately execute remote code on vulnerable website servers. With a CVSS score of 10 out of 10, the glitch is considered critical in severity, and researchers are urging website administrators to ensure that they update. The vulnerability was introduced in the plugin's latest major version update, said Wordfence researchers.
Source: https://threatpost.com/critical-rce-flaw-wordpress-plugin-on-70k-sites/157824/