88 matches found
CVE-2025-13820
The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user when knowing their email address when such user does not have an account on disqus.com yet...
CVE-2025-13820 Comments – wpDiscuz < 7.6.40 - Unauthenticated Account Takeover
The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user when knowing their email address when such user does not have an account on disqus.com yet...
CVE-2025-13820
CVE-2025-13820 concerns the Comments WordPress plugin (wpDiscuz) prior to 7.6.40. Red Hat, NVD, CIRCL, EUVD, Patchstack and CVE records describe an authentication flaw where disqus.com provider login fails to validate the user’s identity, enabling an attacker who knows a target email address to l...
PT-2026-1001
Name of the Vulnerable Software and Affected Versions: Comments WordPress plugin versions prior to 7.6.40. Description: The Comments WordPress plugin does not correctly verify a user’s identity when utilizing the disqus.com provider. This allows an attacker to log in as any user, provided they know...
WordPress plugin Comments security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2014-5236
Malware in sbrugna...
EUVD-2014-5235
Malware in sbrugna...
EUVD-2014-5234
Malware in sbrugna...
EUVD-2025-2931
Malicious code in bioql PyPI...
EUVD-2023-28041
Malicious code in bioql PyPI...
EUVD-2023-27818
Malicious code in bioql PyPI...
CVE-2023-23732
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Disqus Conditional Load plugin <= 11.0.6 versions...
CVE-2023-23977
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin <= 1.6.1 versions...
CVE-2014-5345
Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter...
CVE-2014-5346
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to wp-admin/edit-comments.php, (3)...
CVE-2025-28908
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pipdig pipDisqus pipdisqus allows Stored XSS. This issue affects pipDisqus: from n/a through <= 1.6...
CVE-2025-22705
Cross-Site Request Forgery (CSRF) vulnerability in godthor Disqus Popular Posts disqus-popular-posts allows Reflected XSS. This issue affects Disqus Popular Posts: from n/a through <= 2.1.1...