PT-2026-1001 · WordPress · Jcomments
Wcraft · Published 2026-01-01 · Updated 2026-01-11 · CVE-2025-13820
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Comments WordPress plugin versions prior to 7.6.40
Description
The Comments WordPress plugin does not properly validate user identity when utilizing the disqus.com provider. This allows an attacker to log in as any user, given knowledge of their email address, even if the user does not have an existing account on disqus.com.
Recommendations
Update the Comments WordPress plugin to version 7.6.40 or later.
Affected Products
Jcomments