We recently found a security vulnerability in the Disqus Comment System plugin for WordPress. It could, under very specific conditions, allow an attacker to perform arbitrary remote code execution (RCE). In other words, an attacker can do anything he wants with a vulnerable website.
While the flaw itself is very dangerous, it can only be triggered on servers running WordPress with PHP version 5.1.6 or earlier. This also means that only users of WordPress 3.1.4 (or earlier) are vulnerable to it, as more recent releases don’t support these older PHP versions.
Knowing that the affected user base is actually very small, we decided to share our findings publicly now that Disqus has released a patch for it (patched version 2.76).
*Every Disqus user is still encouraged to upgrade to the latest version ASAP.