At WP Engine we take the security of your sites very seriously, and make every effort to keep our customers aware of any potential security risks. We are reaching out to you today because we identified your site(s), is (are) utilizing a vulnerable version of the Comments – wpDiscuz plugin.
At this time, we are not seeing that the plugin author has released an update or patch for this vulnerability. WP Engine has attempted to reach out to the plugin author to request the timing of a patch. We will report back to you if/when we receive a timeframe for when the author expects to release one.
WP Engine summary of the vulnerability: Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.
The issue has been already resolved with the 7.3.1 version. It was released yesterday.
I'd ask read attentive and see the issue. That security issue could only be caused by administrators, so I'd not call this security issue. Admins can do whatever they want and the changing of the wpDiscuz phrase to some v
JS virus is the last thing they'll do. In any case this micro issue was fixed and wpDiscuz is 100% secure now.