A critical Settings Change vulnerability has been identified in the Deeper Comments plugin. This vulnerability could allow a malicious actor to change the settings of a WordPress website, potentially giving them control of the website.
Jerome Bruandet discovered and reported this vulnerability.
This vulnerability is caused by a flaw in the way that the Deeper Comments plugin handles user input. An attacker can exploit this flaw in the plugin’s code to change the settings of the affected website.
Severity: Critical (CVSS 3.1 score of 8.8)
Affected versions: All versions of the Deeper Comments plugin
If a malicious actor is able to exploit this vulnerability, they could:
- Change the settings of your WordPress website, potentially giving them control of your website.
- Install malicious plugins or themes on the website.
- Steal data from the website, such as user information or passwords.
- Deface your website.
Given the critical nature of this security vulnerability, users must take immediate action to secure their WordPress site:
- Temporary Deactivation: Consider temporarily deactivating the Deeper Comments Plugin until a patched version is made available by the developer.
- Monitor for Updates: Continuously check for updates to the Deeper Comments Plugin. Once a patched version is released, update the plugin as soon as possible.
- Patch Review: Upon the release of an update, ensure it includes a fix for the vulnerability you’re concerned about. Review the plugin’s changelog and release notes for information regarding security improvements.
- Alternative Plugins: Explore alternative comment-related plugins to replace Deeper Comments temporarily. Ensure any alternatives are reputable and actively maintained.