WordPress · Wpdiscuz · CVE-2020-13640
**Name of the Vulnerable Software and Affected Versions**
wpDiscuz plugin versions 5.3.5 and earlier
**Description**
A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `order` parameter of a "wpdLoadMoreComments" request.
**Recommendations**
For wpDiscuz plugin versions 5.3.5 and earlier, update to a version later than 5.3.5 to resolve the issue.