CVE-2026-22204 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the…
Medium CVSS: 6.3

CVE-2026-22204

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie. Attackers can craft a malicious cookie value that, when processed through urldecode() and passed to wp_mail() functions, enables header injection to alter email recipients or inject additional headers.
Vendor
Gvectors
Product
Wpdiscuz
CWE
CWE-20
Yayın Tarihi
2026-03-13 19:54:10
Güncelleme
2026-03-17 11:47:27
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-20 Wpdiscuz MEDIUM Gvectors 2026

Referanslar

https://wordpress.org/plugins/wpdiscuz/ https://wordpress.org/plugins/wpdiscuz/#developers https://www.vulncheck.com/advisories/wpdiscuz-before-unsanitized-cookie-email-used-as-wp-mail-recipient