216.73.217.139

CVE-2025-13820

· Published 01/01/2026 06:15 · Modified 01/01/2026 06:15

Labels: CVE-2025-13820 2026-01-01CVE-2025-13820[email protected]

Essential information

Published
01/01/2026 06:15
Modified
01/01/2026 06:15
Author
Creator
CISA KEV
No
CWE

Description

The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user (when knowing their email address) when such user does not have an account on disqus.com yet.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wordpress / comments plugin cpe:2.3:a:wordpress:comments_plugin:<7.6.40:*:*:*:*:*:wordpress:*:*

References