First published: Mon Aug 24 2020(Updated: )
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Gvectors Wpdiscuz | >=7.0<=7.0.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-24186.
The severity of CVE-2020-24186 is critical.
The affected software is the gVectors wpDiscuz plugin version 7.0 through 7.0.4 for WordPress.
An unauthenticated user can upload any type of file, including PHP files, via the wmuUploadFiles AJAX action.
There are no known fixes for CVE-2020-24186 at the moment. It is recommended to disable or remove the gVectors wpDiscuz plugin until a patch is available.