[German]There is a critical vulnerability in WordPress plugin wpDiscuz in versions 7.0.0 to 7.0.4, as WordFence reports here. The vulnerability in the plugin, which provides a comment function, allows to take over a WordPress installation. This is fixed in version 7.0.5. Through my Facebook channels I know that version 5.3.5 also has a vulnerability. In this discussion post you will learn that there is also a version 5.3.6 for bug fixing.
All is fixed!
The problem is 100% fixed and wpDiscuz is safe.
You can ignore this if you've already updated to 7.0.5 or higher version (current version is 7.0.6).
This was fixed and the new version 7.0.5 was released a week ago. There is not any issues with current wpDiscuz version. It's 100% secure now.
This kind of issues happens with almost all WordPress plugins, so there is no reason to worry if you've updated and up to date.
Just keep updating your plugins and make sure you're using the latest versions.
Tom – the intention of the article wasn't to drive users into a worry – the goal was to bring this information to attention of my blog readers. And yes, as a WordPress admin I know, that plugins may have vulnerabilities and need to be updated on a patched version.
Thx for posting the details that version 7.0.6 has been available.
Thank you guenni.