The wpDiscuz plugin is an alternative to Disqus and Jetpack Comments that provides an Ajax real-time comment system that will store comments within a local database. The vulnerability was reported to the plugin’s developers by Wordfence’s Threat Intelligence team on June 19 and was fully patched with the release of version 7.0.5 on July 23. The security flaw is rated as critical severity with a CVSS base score of 10/10. At least 45,000 WordPress sites still potentially left exposed to takeover attacks if hackers exploit this bug.
Source: https://www.bleepingcomputer.com/news/security/critical-wordpress-plugin-bug-lets-hackers-take-over-hosting-account/