wpDiscuz Premium - WordPress Comments Plugin 7.6.45

v7.6.45 - 19.01.2026 =
* Added: A new filter hook "wpdiscuz_validate_nonce_for_guests" to control wpdGetNonce ajax requests for guest users

v7.6.44 - 15.01.2026 =
* Security: Fixed IDOR vulnerability in AJAX actions (CVE-2025-68997)
* Security: Added post access authorization check to voteOnComment - uses $comment->comment_post_ID from database, not user-supplied postId (prevents parameter manipulation bypass)
* Security: Added server-side rate limiting to AJAX actions (vote 20/min, rate 10/min, follow 15/min, subscribe 10/min)
* Security: Rate limiting on voteOnComment, userRate, followUser, addSubscription
* Security: Enhanced client fingerprinting (IP + User-Agent + Accept-Language)
* Security: Rate limiting executes before nonce validation for maximum protection
* Security: Object validation - verifies comment exists and is approved before processing
* Security: Post status validation - blocks access to private/password-protected posts for unauthorized users

v7.6.43 - 12.01.2026 =
* Fixed: Insecure Direct Object References (IDOR) vulnerability

v7.6.42 – 23.12.2025​

• Fixed: An issue with inline commenting in Elementor

v7.6.41 – 22.12.2025​

• Updated: Added gutenberg toolbar button for inline feedback shortcode generation

v7.6.40 – 09.12.2025​

• Fixed: Disqus login vulnerability

* Added: Compatibility with WordPress 6.9

* Fixed: Issues with PHP 8.x versions

* Fixed: Email notification issue for comments made by anonymous users.

* Updated: Vk Login to Vk ID login
* Removed: mail.ru and ok.ru social login
* Removed: Zerospam and postmatic support
* Removed: Anonymous comment author name and email auto generation

* Fixed: An issue during the plugin deactivation
* Fixed: An issue with 'Enable subscription bar' option
* Fixed: An issue with caching

v7.6.33​

• Fixed: Avatars compatibility issue with wpForo

v7.6.32​

• Fixed: An error when getting users’ avatars

* Fixed: Potential security issue
* Fixed: Issue with BuddyPress uploaded avatars

* Added: New arguments for "wpdiscuz_comment_posted" JS event
* Fixed: Error Class "WpdiscuzHelper" Not Found
* Fixed: Issue with form options on switching blogs