A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
Recent assessments:
noraj at June 25, 2021 8:12am UTC reported:
This plugin is not that commonly deployed on Wordpress installations and to detected it you need the aggressive
plugin mode of Wpscan enabled else wpDiscuz wonβt be even detected.
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5
packetstormsecurity.com/files/162983/WordPress-wpDiscuz-7.0.4-Shell-Upload.html
packetstormsecurity.com/files/163012/WordPress-wpDiscuz-7.0.4-Remote-Code-Execution.html
packetstormsecurity.com/files/163302/WordPress-wpDiscuz-7.0.4-Shell-Upload.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24186
github.com/hoanx-2146/wpDiscuz_unauthenticated_arbitrary_file_upload
www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin
www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/