Many people currently use wpDiscuz to replace the default WordPress commenting system, but this plugin has serious security flaws.
If you are using wpDiscuz version 7.0.0 – 7.0.4, update to the new version 7.0.6 immediately, because your website is in danger of having its hosting account hijacked.
wpDiscuz is a very good plugin that replaces the default WordPress comment system and adds many advanced features, such as Ajax processing, real-time updates, multiple layout support, and lots of useful options for users to customize. In addition, you can install paid extensions if you want to add more features.
The current wpDiscuz security bug is very dangerous, rated 10/10 CVSS, and is related to the feature that allows users to upload image files attached to comments. Because the plugin does not check the attachment format carefully, wpDiscuz accidentally allows PHP executable files to be uploaded.
If exploited, this bug allows hackers to run commands on the server and insert malicious code into all websites that share the hosting.
wpDiscuz version 7.0.5 fixed the bug completely, and last night's update, 7.0.6, patched a few other minor bugs.
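The kind of attachment check described above, written as an added example; it is not wpDiscuz code and does not reproduce the plugin's fix. The function name, the allowlist and the sample files are assumptions made for illustration, and the PHP fileinfo extension is assumed to be enabled.

```php
<?php
// Added example, not wpDiscuz code. All names here are hypothetical.

// Allowlist: permitted extension => the MIME type its content must have.
const ALLOWED_IMAGES = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
];

// Returns a server-generated filename to store the upload under,
// or null when the upload must be rejected.
function validate_image_upload(string $tmpPath, string $clientName): ?string
{
    // 1. The final extension decides how the web server treats the file,
    //    so it must be on the allowlist (this rejects .php, .phtml, ...).
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGES[$ext])) {
        return null;
    }
    // 2. The type detected from the file content must match the extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED_IMAGES[$ext]) {
        return null;
    }
    // 3. The content must also parse as an image.
    if (@getimagesize($tmpPath) === false) {
        return null;
    }
    // 4. Never reuse the client-supplied name on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed samples: a 1x1 GIF and a plain-text file.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "just some text\n");

// Cases: valid image, image bytes under a PHP name, text under an image name.
$cases = [[$gif, 'photo.gif'], [$gif, 'photo.php'], [$txt, 'notes.gif']];
foreach ($cases as [$path, $name]) {
    printf("%-10s => %s\n", $name, validate_image_upload($path, $name) ?? 'rejected');
}
unlink($gif);
unlink($txt);
```

Checking the extension and the content together matters because either check alone can be satisfied by a file that the web server will still execute as PHP. Disabling PHP execution in the upload directory is a second layer that does not depend on the plugin's validation.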
See the details for this error here.