PT-2026-1001 · WordPress · Jcomments
Wcraft · Published 2026-01-01 · Updated 2026-01-11 · CVE-2025-13820
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Comments WordPress plugin versions prior to 7.6.40
Description
The Comments WordPress plugin does not properly validate user identity when utilizing the disqus.com provider. This allows an attacker to log in as any user, given knowledge of their email address, even if the user does not have an existing account on disqus.com.
Recommendations
Update the Comments WordPress plugin to version 7.6.40 or later.
Affected Products
Jcomments