5 matches found
CVE-2025-13820 Comments – wpDiscuz < 7.6.40 - Unauthenticated Account Takeover
The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user when knowing their email address when such user does not have an account on disqus.com yet...
CVE-2025-13820 Comments – wpDiscuz < 7.6.40 - Unauthenticated Account Takeover
The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user when knowing their email address when such user does not have an account on disqus.com yet...
CVE-2025-13820
CVE-2025-13820 concerns the Comments WordPress plugin (wpDiscuz) prior to 7.6.40. Red Hat, NVD, CIRCL, EUVD, Patchstack and CVE records describe an authentication flaw where disqus.com provider login fails to validate the user’s identity, enabling an attacker who knows a target email address to l...
WordPress plugin Comments 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2026-1001
Name of the Vulnerable Software and Affected Versions Comments WordPress plugin versions prior to 7.6.40 Description The Comments WordPress plugin does not correctly verify a user’s identity when utilizing the disqus.com provider. This allows an attacker to log in as any user, provided they know...