GHSA-mc85-hq4f-frgpHighCVSS 8.8

The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,...

Published
July 8, 2026
Last Modified
July 8, 2026

🔗 CVE IDs covered (1)

📋 Description

The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing capability and nonce check on a directly web-accessible API endpoint, combined with a trivially forgeable HMAC-SHA1 signature keyed on an always-empty WordPress option, which allows the endpoint's update_option handler to pass attacker-controlled option and value parameters directly to WordPress's update_option function without any allowlist or sanitization. This makes it possible for unauthenticated attackers to update arbitrary WordPress options — such as setting default_role to administrator and enabling open registration — and subsequently register an account with full administrator privileges.

🔗 References (6)