CVE-2026-22201 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-based rate limiting and ban enforcement…
Medium CVSS: 6.9

CVE-2026-22201

wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR headers to spoof their IP address and circumvent security controls.
Vendor
Gvectors
Product
Wpdiscuz
CWE
CWE-348
Yayın Tarihi
2026-03-13 19:54:10
Güncelleme
2026-03-17 20:25:44
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-348 Wpdiscuz MEDIUM Gvectors 2026

Referanslar

https://wordpress.org/plugins/wpdiscuz/ https://wordpress.org/plugins/wpdiscuz/#developers https://www.vulncheck.com/advisories/wpdiscuz-before-ip-address-spoofing-in-getip