A Disqus vulnerability has been found which affects users whose hosts are running outdated versions of PHP, this vulnerability has been brought to everyone’s attention by the team at Sucuri. Disqus is a popular commenting WordPress plugin with thousands of users across the globe.
While the flaw itself is very dangerous, it may only be triggered on servers using WordPress with PHP version 5.1.6 or earlier. This also means that only users of WordPress 3.1.4 (or earlier) are vulnerable to it as more recent releases don’t support these older PHP versions.
It is recommended that all Disqus users upgrade to the patched version of 2.7.6. Don’t forget to also make sure WordPress and all plugins are updated.
It’s also a timely reminder to make sure your host is keeping their software such as PHP up to date. You can see your version of php in your cPanel on the sidebar with other statistics. If your host isn’t running current versions of PHP then it is time to ask some serious questions about their suitability for your needs. Outdated PHP poses not only software compatibility issues with platforms such as WordPress and Joomla which are based on PHP, but it also has the added issue but also security risks.
All Little Hero Hosting servers are running PHP 5.4.* so all our clients are safe.