During a penetration testing for a client, Australian based independent security consultant Nik Cubrilovic, discovered a couple of security issues within the very popular Disqus WordPress plugin.
A popular WordPress plugin that allows site owners to easily customize the contact form has a critical vulnerability that can be exploited to download and remotely modify the site's database, and gain access and control of the site - no account or authentication needed.
WordPress is not only easy to use, it also comes with many plugins and themes for you to choose from, making it extremely customizable.
WordPress users who also use the MailPoet plugin are urged to update it as soon as possible, as all versions but the latest one are plagued with a critical flaw that could allow attackers to remotely upload any file on their vulnerable website.
The developers of Jetpack, one of the most widely used WordPress plugins, are urging users to download and implement the latests versions that fix a critical security bug.