Comments – wpDiscuz

Changelog

IMPORTANT!

Please don’t forget to delete all caches and purge the CDN after the update.

Comments – wpDiscuz v7.6.46 – 09.02.2026

  • Added: A new filter hook “wpdiscuz_is_update_nonce_with_ajax” to control nonce AJAX requests for guests

Comments – wpDiscuz v7.6.45 – 19.01.2026

  • Added: A new filter hook “wpdiscuz_validate_nonce_for_guests” to control wpdGetNonce AJAX requests for guest users

Comments – wpDiscuz v7.6.44 – 15.01.2026

  • Security: Fixed IDOR vulnerability in AJAX actions (CVE-2025-68997)
  • Security: Added post access authorization check to voteOnComment – uses $comment->comment_post_ID from database, not user-supplied postId (prevents parameter manipulation bypass)
  • Security: Added server-side rate limiting to AJAX actions (vote 20/min, rate 10/min, follow 15/min, subscribe 10/min)
  • Security: Rate limiting on voteOnComment, userRate, followUser, addSubscription
  • Security: Enhanced client fingerprinting (IP + User-Agent + Accept-Language)
  • Security: Rate limiting executes before nonce validation for maximum protection
  • Security: Object validation – verifies comment exists and is approved before processing
  • Security: Post status validation – blocks access to private/password-protected posts for unauthorized users
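
The object, post-ID and post-status checks from the v7.6.44 entries above, sketched as an added example in plain PHP. This is not wpDiscuz code: the function name, request keys and in-memory arrays are hypothetical and constructed for illustration, and limiting restricted posts to their author is a simplifying assumption.

```php
<?php
// Constructed sample data standing in for the comments and posts tables.
$comments = [
    101 => ['comment_post_ID' => 1, 'approved' => true],
    102 => ['comment_post_ID' => 2, 'approved' => true],
    103 => ['comment_post_ID' => 1, 'approved' => false],
];
$posts = [
    1 => ['status' => 'publish', 'password' => '', 'author' => 7],
    2 => ['status' => 'private', 'password' => '', 'author' => 7],
];

/**
 * Hypothetical authorization step for a vote request (not wpDiscuz code).
 * Returns 'ok' or the reason the request is refused.
 */
function authorize_vote(array $request, array $comments, array $posts, $userId)
{
    $commentId = (int) ($request['commentId'] ?? 0);

    // Object validation: the comment must exist and be approved.
    if (!isset($comments[$commentId]) || !$comments[$commentId]['approved']) {
        return 'invalid_comment';
    }

    // Take the post ID from the stored comment. $request['postId'] is
    // deliberately never read, so changing it cannot alter the outcome.
    $postId = $comments[$commentId]['comment_post_ID'];
    if (!isset($posts[$postId])) {
        return 'invalid_post';
    }
    $post = $posts[$postId];

    // Post status validation: private or password-protected posts are
    // only available to an authorized user (here simplified to the author).
    $restricted = $post['status'] !== 'publish' || $post['password'] !== '';
    if ($restricted && $userId !== $post['author']) {
        return 'forbidden';
    }
    return 'ok';
}

// Guest votes on comment 102 (private post 2) while claiming public post 1.
echo authorize_vote(['commentId' => 102, 'postId' => 1], $comments, $posts, null), "\n";
// Same request from the post author, and a guest vote on a public comment.
echo authorize_vote(['commentId' => 102, 'postId' => 1], $comments, $posts, 7), "\n";
echo authorize_vote(['commentId' => 101, 'postId' => 1], $comments, $posts, null), "\n";
```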

Comments – wpDiscuz v7.6.43 – 12.01.2026

  • Fixed: Insecure Direct Object References (IDOR) vulnerability

Comments – wpDiscuz v7.6.42 – 23.12.2025

  • Fixed: An issue with inline commenting in Elementor

Comments – wpDiscuz v7.6.41 – 22.12.2025

  • Updated: Added gutenberg toolbar button for inline feedback shortcode generation

Comments – wpDiscuz v7.6.40 – 09.12.2025

  • Fixed: Disqus login vulnerability


Version: 7.6.46
Last Updated: February 9, 2026
Active Installs: 80000
Requires: WordPress 5.0
Tested Up To: WordPress 6.9.1
Requires PHP: 5.6
