CVE-2018-20423

Name of the Vulnerable Software and Affected Versions DiscuzX version 3.4

Description The issue allows remote attackers to bypass a "disabled registration" setting when WeChat login is enabled. This can be achieved by adding a non-existing wxopenid value to the "plugin.php?ac=wxregister" query string.

Recommendations For DiscuzX version 3.4, consider disabling WeChat login until a patch is available to prevent exploitation of this issue. As a temporary workaround, restrict access to the "plugin.php?ac=wxregister" endpoint to minimize the risk of bypassing the "disabled registration" setting.