WordPress Comments – wpDiscuz Plugin Security Update Advisory (CVE-2024-9488)

Oct 28 2024

Overview

An update has been released to address vulnerabilities in WordPress Comments – wpDiscuz Plugin. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-9488

wpDiscuz versions: ~ 7.6.24 (inclusive)

Resolved Vulnerabilities

Authentication bypass vulnerability that could allow an attacker to log in as an existing user (including administrators) without authentication if they knew their email (CVE-2024-9488)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-9488

wpDiscuz version: 7.6.25

Referenced Sites

[1] CVE-2024-9488 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-9488

[2] Comments – wpDiscuz <= 7.6.24 – Authentication Bypass

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpdiscuz/comments-wpdiscuz-7624-authentication-bypass

WordPress Comments – wpDiscuz Plugin Security Update Advisory (CVE-2024-9488)

Nginx UI Security Update Advisory (CVE-2024-49368)

OneDev Security Update Advisory (CVE-2024-45309)

Tags:

Nginx UI Security Update Advisory (CVE-2024-49368)

OneDev Security Update Advisory (CVE-2024-45309)