Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-22215

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

5.4CVSS5.6AI score0.00153EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/13 9:31 p.m.5 views

EUVD-2026-11752

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

5.3CVSS5.7AI score0.00153EPSS
Exploits0References4
NVD
NVD
added 2026/03/13 7:54 p.m.6 views

CVE-2026-22215

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

5.4CVSS0.00153EPSS
Exploits0References3
CVE
CVE
added 2026/03/13 1:18 a.m.13 views

CVE-2026-22215

wpDiscuz prior to 7.6.47 is affected by a CSRF flaw in getFollowsPage that allows triggering unauthorized actions without nonce validation. The vulnerability enables an attacker to craft requests to enumerate follow relationships and alter user follow data via the follows page handler. Root cause...

5.4CVSS5.7AI score0.00153EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/13 1:18 a.m.3 views

CVE-2026-22215 wpDiscuz before 7.6.47 - Missing CSRF Protection on wpdGetFollowsPage

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

5.3CVSS5.7AI score0.00153EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/13 1:18 a.m.4 views

CVE-2026-22215

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

5.3CVSS5.7AI score0.00153EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/13 1:18 a.m.26 views

CVE-2026-22215 wpDiscuz before 7.6.47 - Missing CSRF Protection on wpdGetFollowsPage

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

5.3CVSS0.00153EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.6 views

PT-2026-25147

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

5.3CVSS5.7AI score0.00153EPSS
Exploits0References3
Rows per page
Query Builder