Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-13640: Security vulnerability issue in 5.3.5 version, please update...

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.)

CVE
#sql#vulnerability#wordpress

(@tomson)

Posts: 487

Honorable Member Support

We just released wpDiscuz 5.3.6 version for all who still use the old v5.3.5 version and don’t want to update to current latest 7.x.x version.

We have got a report that, there is a security vulnerability issue in 5.3.5 version. This issue was fixed in the major update 7.x.x versions. However, we also fixed the issue for 5.x version users and released 5.3.6 version.

If you want to keep using the old 5.x version, just update it to the 5.3.6 version using this instruction:

  1. Deactivate delete the 5.3.5 version.
  2. Download the 5.3.6 verison: https://downloads.wordpress.org/plugin/wpdiscuz.5.3.6.zip
  3. Click the [Add New] button in Dashboard > Plugins admin page and upload/install the 5.3.6 installation zip file.

If you don’t want to use old 5.x versions, just click the [Update] link on wpDiscuz plugin in Dashboard > Plugins admin page and update it to the latest version.

Posted : 12/06/2020 4:55 pm

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907