Back to Explorer

CVE-2025-13820

PUBLISHED
1/1/2026 1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81

Technical Description

The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user (when knowing their email address) when such user does not have an account on disqus.com yet.

Affected Products

Unknown
Comments
0

References

https://wpscan.com/vulnerability/21bc9b41-a967-42dc-9916-bb993b05709c/
External Link

Impact Analysis

Attack Vector Network
Attack Complexity Low
Privileges Required None