CVE-2025-13820
Essential information
- Published
- 01/01/2026 06:15
- Modified
- 01/01/2026 06:15
- Author
- —
- Creator
- —
- CISA KEV
- No
- CWE
- —
- CVSS vector
- — — —
Description
The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user (when knowing their email address) when such user does not have an account on disqus.com yet.
NVD status
- Status
- Received — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| wordpress / comments plugin | cpe:2.3:a:wordpress:comments_plugin:<7.6.40:*:*:*:*:*:wordpress:*:* |