cleantalk
Vulnerabilities and Security Researches

Comments – wpDiscuz, CVE-2020-24186

CVE, Research URL

CVE-2020-24186

Home page URL

Security reports for Comments – wpDiscuz

Application

Comments – wpDiscuz

Published on
Aug 24, 2020
Research Description
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
Affected versions
Min 7.0, max 7.0.4.
Status
vulnerable
Previous vulnerability researches
Comments – wpDiscuz (CVE-2025-59591) , Oct 10, 2025
Comments – wpDiscuz (CVE-2023-46309) , Jun 10, 2024
Comments – wpDiscuz (CVE-2023-45760) , Jun 10, 2024
Comments – wpDiscuz (CVE-2024-35681) , Jun 09, 2024
Comments – wpDiscuz (CVE-2024-9488) , Oct 27, 2024
New vulnerability
Genealogical Tree – WordPress Family Tree (CVE-2025-58023) , Oct 12, 2025
WPB Quick View Popup for WooCommerce – Display Product Informations in Popup on Button Click (CVE-2025-57967) , Oct 12, 2025
Mixtape (CVE-2025-9860) , Oct 12, 2025
Advanced Settings (CVE-2025-58996) , Oct 12, 2025
FancyTabs (CVE-2025-8560) , Oct 12, 2025