A Critical Severity SQL Injection vulnerability has been identified in the WordPress wpDiscuz Plugin. This vulnerability could allow a malicious actor to directly interact with the database, including but not limited to stealing information.
The vulnerability is a SQL Injection vulnerability that occurs in the wpdiscuz.php file. The vulnerability allows an attacker to exploit a flaw in the way that the plugin handles user input to inject malicious SQL code into the database.
The vulnerability has a CVSS 3.1 score of 9.3, which is considered to be critical. This means that the vulnerability is highly exploitable and could have a severe impact on the affected system.
The vulnerability affects all versions of the wpDiscuz Plugin prior to 7.6.6.
An attacker who successfully exploits this vulnerability could:
- Steal sensitive data from your database, such as user information, credit card numbers, and product details.
- Modify or delete data in your database.
- Take control of your database and website.
To protect the WordPress website effectively, follow these steps:
- Update the Plugin: Users of the wpDiscuz Plugin are strongly advised to update to the latest available version (at least 7.6.6) as soon as possible. This vulnerability has been fixed in version 7.6.6.
- Regularly Update Plugins: Beyond this specific update, make it a practice to regularly update all WordPress plugins and themes to their latest versions. Keeping website components up to date is a fundamental security measure.