Critical Vulnerability in wpDiscuz WordPress Plugin with 80 Thousand Installs

A dangerous vulnerability has been identified in the wpDiscuz WordPress plugin, which is installed on more than 80 thousand sites. It allows uploading any file to the server without authentication. This includes uploading PHP files and getting their code executed on the server. The problem affects versions from 7.0.0 to 7.0.4 inclusive. The vulnerability was fixed in release 7.0.5.

The wpDiscuz plugin lets visitors post comments dynamically over AJAX without reloading the page. The vulnerability is caused by a flaw in the code that checks the type of files uploaded as image attachments to comments. To restrict uploads of arbitrary files, the plugin called a function that determines the MIME type from the file's content, a check that was easy to bypass in order to upload PHP files. The file extension was not restricted. For example, you could upload the file myphpfile.php, first specifying the sequence 89 50 4E 47 0D 0A 1A 0A, which identifies PNG images, and then place the block "
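The gap between a content-only type check and one that also restricts the extension, as an added example (not the plugin's code). The function names, the signature table and the sample bytes are assumptions constructed for illustration, and `sniff_mime` is a simplified stand-in for a content-based MIME lookup.

```python
import os

# Leading-byte signatures for the image types this sketch accepts.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "image/png",   # 89 50 4E 47 0D 0A 1A 0A, as quoted above
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}
# Extensions the server may store, mapped to the only content type each may carry.
ALLOWED_EXT = {".png": "image/png", ".jpg": "image/jpeg",
               ".jpeg": "image/jpeg", ".gif": "image/gif"}


def sniff_mime(data: bytes) -> str:
    """Stand-in for a content-based MIME check: looks only at leading bytes."""
    for magic, mime in SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return "application/octet-stream"


def content_only_check(filename: str, data: bytes) -> bool:
    """The flawed pattern: trusts content sniffing and ignores the file name."""
    return sniff_mime(data).startswith("image/")


def strict_check(filename: str, data: bytes) -> bool:
    """Hardened: extension must be allowlisted and agree with the sniffed type."""
    name = os.path.basename(filename.replace("\\", "/"))
    if name.count(".") != 1 or "\x00" in name:   # no double extensions or NULs
        return False
    ext = os.path.splitext(name)[1].lower()
    return ALLOWED_EXT.get(ext) == sniff_mime(data)


# Constructed sample: PNG signature followed by inert placeholder bytes.
SAMPLE = bytes.fromhex("89504E470D0A1A0A") + b"placeholder, not image data"

if __name__ == "__main__":
    for name in ("myphpfile.php", "avatar.png", "avatar.php.png"):
        print(name, content_only_check(name, SAMPLE), strict_check(name, SAMPLE))
```

The content-only check accepts all three names because it never looks at them; the strict check accepts only `avatar.png`, so the stored file cannot carry an extension the web server would hand to the PHP interpreter.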

Source: opennet.ru
