CVE-2026-42749 HIGH

CVE-2026-42749: WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability

Vendor Themeisle

Product Disable Comments for Any Post Types (Remove comments)

Weakness CWE-288

Published May 27, 2026

Last update May 27, 2026

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types (Remove comments) comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types (Remove comments): from n/a through <= 1.3.0.

Key dates

Disclosure timeline

May 27, 2026 CVE published

May 27, 2026 Record updated

Identifiers

CVE CVE-2026-42749

CWE CWE-288

CVSS 7.1 / HIGH

Affected versions

Vendor Themeisle

Product Disable Comments for Any Post Types (Remove comments)

Affected ≤ 1.3.0