CVE-2026-22215

Medium CVSS: 5.3

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by exploiting the missing CSRF protection in the follows page handler.

Vendor

Gvectors

Product

Wpdiscuz

CWE

CWE-352

Yayın Tarihi

2026-03-13 19:54:11

Güncelleme

2026-03-17 11:44:28

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-352 Wpdiscuz MEDIUM Gvectors 2026

Referanslar

https://wordpress.org/plugins/wpdiscuz/ https://wordpress.org/plugins/wpdiscuz/#developers https://www.vulncheck.com/advisories/wpdiscuz-before-missing-csrf-protection-on-wpdgetfollowspage

Benzer Kayıtlar

Medium

CVE-2026-22216

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe…

Medium

CVE-2026-22209

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators t…

Low

CVE-2026-22210

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code thro…

Medium

CVE-2026-22201

wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-…

Medium

CVE-2026-22202

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments…

Medium

CVE-2026-22203

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expo…