Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/01/01 6:0 a.m.23 views

CVE-2025-13820 Comments – wpDiscuz < 7.6.40 - Unauthenticated Account Takeover

The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user when knowing their email address when such user does not have an account on disqus.com yet...

0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/01 6:0 a.m.4 views

CVE-2025-13820 Comments – wpDiscuz < 7.6.40 - Unauthenticated Account Takeover

The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user when knowing their email address when such user does not have an account on disqus.com yet...

6.3AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/01/01 6:0 a.m.21 views

CVE-2025-13820

CVE-2025-13820 concerns the Comments WordPress plugin (wpDiscuz) prior to 7.6.40. Red Hat, NVD, CIRCL, EUVD, Patchstack and CVE records describe an authentication flaw where disqus.com provider login fails to validate the user’s identity, enabling an attacker who knows a target email address to l...

5.3CVSS6.3AI score0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/01 12:0 a.m.6 views

WordPress plugin Comments 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.7AI score0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-1001

Name of the Vulnerable Software and Affected Versions Comments WordPress plugin versions prior to 7.6.40 Description The Comments WordPress plugin does not correctly verify a user’s identity when utilizing the disqus.com provider. This allows an attacker to log in as any user, provided they know...

5.3CVSS6.5AI score0.00226EPSS
Exploits0References8
Rows per page
Query Builder