VYPR
Medium severity5.3NVD Advisory· Published Jan 1, 2026· Updated Apr 15, 2026

CVE-2025-13820

CVE-2025-13820

Description

The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user (when knowing their email address) when such user does not have an account on disqus.com yet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.