More information about this CVE will likely be available in a few days

Description

The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user (when knowing their email address) when such user does not have an account on disqus.com yet.

Related CPE's

Could not find any relations

References

https://wpscan.com/vulnerability/21bc9b41-a967-42dc-9916-bb993b05709c/

Weaknesses

Could not find any weaknesses

CVSS impact metrics

Could not find any metrics

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2026-01-01T06:15:45.010

3 hours ago

Last modified

2026-01-01T06:15:45.010

3 hours ago