• Resolved vijaiya

    (@vijaiya)


    WordPress wpDiscuz plugin <= 7.6.42 – Insecure Direct Object References (IDOR) vulnerability

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support gVectors Support

    (@gvectorssupport)

    Hi,

    Please note that there are helpful tools available that allow you to report and describe the issue in more detail, for example:

    https://patchstack.com/
    https://www.wordfence.com/security/
    https://www.wordfence.com/vulnerability-advisories/

    Please add the issue there and provide us with the URL so we can review it.

    Also, you can open a support topic on the wpDiscuz.com forum and describe the issue in more detail.

    Thread Starter vijaiya

    (@vijaiya)

    Plugin Author gVectors Team

    (@gvectors-team)

    Hi @vijaiya,

    At the moment, we are simply waiting for more details. This vulnerability report is essentially empty; it contains no technical details and no proof of concept. With no information provided, we are unable to reproduce, detect, or fix the issue.

    We have already fixed dozens of verified reports and released updates for wpDiscuz, but this one is unusual. The reporter only provided a vulnerability type and a title, and nothing else. Based on this, we even suspect that this may be a false positive. The reported risk level is not high (5.3), and no one has contacted us with any supporting details.

    We have contacted Wordfence to clarify what this report is about and why they believe this vulnerability exists. So far, no technical explanation has been provided.

    In short, this appears to be an unproven, likely false-positive report that was published accidentally. However, if anyone provides concrete details or a valid proof of concept, we will investigate and fix the issue immediately. At this moment, we only have a vague title and claims without evidence. Even Wordfence does not provide any technical details, yet the report is being distributed to websites without proper verification. They also have not responded to our questions on their website.

    So we’re waiting for details; otherwise, this is a report about nothing!

    Plugin Support gVectors Support

    (@gvectorssupport)

    Please update wpDiscuz to the latest version (v7.6.43) and check if the issue persists.
