Headline
CVE-2020-13640: Security vulnerability issue in 5.3.5 version, please update...
A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.)
(@tomson)
Posts: 487
Honorable Member Support
We just released wpDiscuz 5.3.6 version for all who still use the old v5.3.5 version and don’t want to update to current latest 7.x.x version.
We have got a report that, there is a security vulnerability issue in 5.3.5 version. This issue was fixed in the major update 7.x.x versions. However, we also fixed the issue for 5.x version users and released 5.3.6 version.
If you want to keep using the old 5.x version, just update it to the 5.3.6 version using this instruction:
- Deactivate delete the 5.3.5 version.
- Download the 5.3.6 verison: https://downloads.wordpress.org/plugin/wpdiscuz.5.3.6.zip
- Click the [Add New] button in Dashboard > Plugins admin page and upload/install the 5.3.6 installation zip file.
If you don’t want to use old 5.x versions, just click the [Update] link on wpDiscuz plugin in Dashboard > Plugins admin page and update it to the latest version.
Posted : 12/06/2020 4:55 pm