A critical Settings Change vulnerability has been identified in the Deeper Comments plugin. This vulnerability could allow a malicious actor to change the settings of WordPress website, potentially giving them control of the website.
Jerome Bruandet discovered and reported this vulnerability.
This vulnerability is caused by a flaw in the way that the Deeper Comments plugin handles user input. The vulnerability allows an attacker to exploit a flaw in the plugin’s code to change the settings of the affected website.
Severity
Critical (CVSS 3.1 score of 8.8)
Affected Versions
All versions of the Deeper Comments plugin
Impact
If a malicious actor is able to exploit this vulnerability, they could:
- Change the settings of your WordPress website, potentially giving them control of your website.
- Install malicious plugins or themes on the website.
- Steal data from the website, such as user information or passwords.
- Deface your website.
Recommendation
Given the critical nature of this security vulnerability, user must take immediate action to secure the WordPress site:
- Temporary Deactivation: Consider temporarily deactivating the Deeper Comments Plugin until a patched version is made available by the developer.
- Monitor for Updates: Continuously check for updates to the Deeper Comments Plugin. Once a patched version is released, update the plugin as soon as possible.
- Patch Review: Upon the release of an update, ensure it includes a fix for the vulnerability you’re concerned about. Review the plugin’s changelog and release notes for information regarding security improvements.
- Alternative Plugins: Explore alternative comment-related plugins to replace Deeper Comments temporarily. Ensure any alternatives are reputable and actively maintained.
