A Critical severity SQL Injection vulnerability has been identified in the WordPress wpDiscuz plugin. It allows an unauthenticated attacker to run their own SQL against the site's database, which includes, but is not limited to, reading data they should never be able to see.

The flaw is in the plugin's wpdiscuz.php file: a value taken from user input reaches a database query without being parameterized or escaped, so whatever SQL the attacker places in that value is executed as part of the plugin's own query. The injection happens in the query the plugin sends, not "into the database"; the database simply runs what it is given.
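To make the class of bug concrete, here is an added example (not wpDiscuz's code, schema or query, and not the request that affects it): a comment lookup written the unsafe way beside the same lookup written with a bound parameter, run against a constructed in-memory SQLite database. The table names, sample rows and the two textbook payloads are all invented for illustration. In a WordPress plugin the hardened form corresponds to building the query with $wpdb->prepare() and a %s placeholder instead of string concatenation.

```python
import sqlite3

# Constructed sample data standing in for a comments table and the WordPress
# users table. This is not wpDiscuz's schema and not its query.
SAMPLE_COMMENTS = [
    (1, "alice@example.com", "First!"),
    (2, "bob@example.com", "Nice post."),
    (3, "carol@example.com", "Thanks for writing this."),
]
SAMPLE_USERS = [
    (1, "admin", "$P$B-constructed-hash-1"),
    (2, "editor", "$P$B-constructed-hash-2"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, email TEXT, body TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT)")
    conn.executemany("INSERT INTO comments VALUES (?, ?, ?)", SAMPLE_COMMENTS)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def comments_by_email_unsafe(conn, email):
    """Vulnerable pattern: the request value is spliced into the SQL text."""
    sql = "SELECT id, email, body FROM comments WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def comments_by_email_safe(conn, email):
    """Hardened pattern: the value is bound as a parameter and never parsed as SQL.
    In WordPress the equivalent is $wpdb->prepare() with a %s placeholder."""
    sql = "SELECT id, email, body FROM comments WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


# Generic textbook payloads used to illustrate the class of bug; they are not
# the input that affects wpDiscuz.
TAUTOLOGY = "x' OR '1'='1"
UNION_USERS = "x' UNION SELECT id, user_login, user_pass FROM users -- "


def demo():
    """Run both query styles against benign and hostile input and report what comes back."""
    conn = make_db()
    return {
        "benign_unsafe": len(comments_by_email_unsafe(conn, "bob@example.com")),
        "benign_safe": len(comments_by_email_safe(conn, "bob@example.com")),
        # The tautology turns a one-row lookup into a dump of the whole table.
        "tautology_unsafe": len(comments_by_email_unsafe(conn, TAUTOLOGY)),
        "tautology_safe": len(comments_by_email_safe(conn, TAUTOLOGY)),
        # The UNION reaches a table the comment code was never meant to expose.
        "union_unsafe": comments_by_email_unsafe(conn, UNION_USERS),
        "union_safe": comments_by_email_safe(conn, UNION_USERS),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With benign input both functions return the same single row, which is why this kind of bug survives functional testing. With the hostile inputs the unsafe function returns every comment, and then the contents of the users table including password hashes, while the safe function returns nothing because the payload is compared as a literal e-mail address.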

Severity:

The vulnerability has a CVSS 3.1 base score of 9.3, which falls in the Critical range (9.0 to 10.0). A score this high reflects that the flaw can be triggered with little effort and that a successful attack has a severe effect on the confidentiality and integrity of the site's data.

Affected Versions:

The vulnerability affects all versions of the wpDiscuz Plugin prior to 7.6.6.

Impact:

An attacker who successfully exploits this vulnerability could:

  • Read data from any table the plugin's database user can reach, which on a typical WordPress install is the whole site database: user accounts with e-mail addresses and password hashes, comment content, and data stored by other plugins.
  • Modify or delete data in the database.
  • Escalate to control of the website, for example by changing an administrator's stored credentials or inserting content that is later rendered to other users.

Recommendation:

To protect the WordPress website effectively, follow these steps:

  • Update the Plugin: The vulnerability is fixed in wpDiscuz 7.6.6. Update to that version or later as soon as possible, and confirm the installed version afterwards rather than assuming the update applied.
  • Regularly Update Plugins: Beyond this specific update, make it a practice to regularly update all WordPress plugins and themes to their latest versions. Keeping website components up to date is a fundamental security measure.
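A check for the affected range, added here as an example and not taken from the advisory or from wpDiscuz: it reads the installed version with WP-CLI's `wp plugin get wpdiscuz --field=version` (the optional `site_path` argument is an assumed convenience that is passed through as `--path`) and compares it to 7.6.6 component by component. The numeric comparison matters because "all versions prior to 7.6.6" is a version-order range, and a plain string comparison would rank a future "7.6.10" below "7.6.6" and misreport a patched site as vulnerable.

```python
import re
import subprocess

FIXED_IN = "7.6.6"  # version named in the advisory


def parse_version(text):
    """Turn "7.6.5" into (7, 6, 5). Parsing stops at the first non-numeric
    component, so a pre-release such as "7.6.5-beta1" compares as (7, 6, 5)."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_vulnerable(installed):
    """True when the installed version is strictly below the fixed version.
    Tuples are compared on purpose: string comparison ranks "7.6.10" below
    "7.6.6" and would flag a patched site."""
    return parse_version(installed) < parse_version(FIXED_IN)


def installed_version(site_path=None):
    """Ask WP-CLI for the plugin's version. Assumes `wp` is on PATH; `site_path`
    is an assumed optional argument that is forwarded as --path."""
    cmd = ["wp", "plugin", "get", "wpdiscuz", "--field=version"]
    if site_path:
        cmd.append("--path=" + site_path)
    return subprocess.check_output(cmd, text=True).strip()


if __name__ == "__main__":
    version = installed_version()
    if is_vulnerable(version):
        print(f"wpDiscuz {version} is affected; update to {FIXED_IN} or later")
    else:
        print(f"wpDiscuz {version} is not affected")
```

If the check reports an affected version, `wp plugin update wpdiscuz` applies the fix from the WordPress.org repository; run the check again afterwards so the recorded state matches what is actually installed.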