cleantalk
Vulnerabilities and Security Researches

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support], CVE-2014-2550

CVE, Research URL

CVE-2014-2550

Home page URL

Security reports for Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

Application

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

Published on
Mar 20, 2018
Research Description
Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php.
Affected versions
Min -, max 1.0.4.
Status
vulnerable
Previous vulnerability researches
Disable Comments | WPZest (CVE-2024-32135) , Jun 07, 2024
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] (CVE-2014-2550) , Jun 07, 2024
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] , Mar 12, 2025
New vulnerability
WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log (CVE-2025-39544) , Apr 17, 2025
Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages (CVE-2025-26992) , Apr 17, 2025
SKT Blocks – Gutenberg based Page Builder (CVE-2025-26998) , Apr 17, 2025
DN Shipping by Weight for WooCommerce (CVE-2025-32535) , Apr 17, 2025
Sign-up Sheets (CVE-2025-26996) , Apr 17, 2025