3 matches found
CVE-2026-22210 wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Attachment URLs
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary...
CVE-2026-22210
CVE-2026-22210 affects the WordPress plugin wpDiscuz prior to version 7.6.47. The issue is a cross-site scripting (XSS) vulnerability in the WpdiscuzHelperUpload class that allows injecting arbitrary JavaScript into image and anchor tag attributes via unescaped attachment URLs in HTML output. Att...
PT-2026-25146
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary...