Vulnerabilities and security researches forcomments-plus comments-plus

May 29, 2026

CVE, Research URL: CVE-2026-42749
Home page URL: Security reports for Disable Comments for Any Post Types (Remove comments)
Application: Disable Comments for Any Post Types (Remove comments)
Date: May 27, 2026
Research Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types (Remove comments) comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types (Remove comments): from n/a through <= 1.3.0.
Affected versions: max 1.3.0.
Status: vulnerable