A remote code execution (RCE) vulnerability has been discovered in the Disqus comment and discussion plugin for WordPress. It allows an attacker to do as they please with the website.
The vulnerability was disclosed by a security firm and only works for sites which have:
- PHP 5.1.6 or earlier
- WordPress 3.1.4 or earlier
- Disqus plugin version 2.75 or earlier
Roughly 5% or more of all WordPress sites are still on 3.1 or earlier, which leaves a lot of sites vulnerable. To be on the safe side, we recommend that all our clients update their plugins or reach out to a NetON account manager to update their site for them.
The best solution is to upgrade the plugin to the latest 2.76 version.
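
To check a list of sites against the three conditions above, the following added example (not part of the original advisory or of the Disqus plugin) triages an inventory by version. It assumes the three conditions apply together; the record layout, the status names and the sample hosts are constructed for illustration.

```python
import re

# Thresholds from the advisory: each component is listed as "X or earlier".
THRESHOLDS = {"php": "5.1.6", "wordpress": "3.1.4", "disqus": "2.75"}

def parse_version(text):
    """Turn '5.3.29-1ubuntu4' into (5, 3, 29). Comparing integers, not
    strings, keeps '5.10' from being read as older than '5.2'."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))

def at_or_below(version, limit):
    a, b = parse_version(version), parse_version(limit)
    width = max(len(a), len(b))            # pad so 3.1 compares as 3.1.0
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a <= b

def triage(site):
    """Return (status, matched_conditions) for one inventory record.
    A missing or empty version is treated as 'component not present'."""
    matched = [name for name, limit in THRESHOLDS.items()
               if site.get(name) and at_or_below(site[name], limit)]
    if len(matched) == len(THRESHOLDS):
        status = "affected"                # all three conditions hold
    elif "disqus" in matched:
        status = "update-plugin"           # old plugin, other conditions not met
    else:
        status = "not-affected"
    return status, matched

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    {"host": "blog.example", "php": "5.1.6", "wordpress": "3.1.4", "disqus": "2.75"},
    {"host": "shop.example", "php": "5.4.45", "wordpress": "3.9.2", "disqus": "2.74"},
    {"host": "news.example", "php": "5.1.6", "wordpress": "3.1", "disqus": "2.76"},
]

if __name__ == "__main__":
    for site in SAMPLE:
        status, matched = triage(site)
        print(f"{site['host']:14} {status:14} matched={matched}")
```

Sites reported as `update-plugin` do not meet all three conditions but still run a plugin older than the fixed 2.76 release.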