71 matches found

Cvelist
added 2026/03/13 1:18 a.m. | 21 views

CVE-2026-22203 wpDiscuz before 7.6.47 - Options Export Leaks OAuth Secrets in Plaintext

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret...

CVSS 6.9 | EPSS 0.00051
Exploits 0 | References 3

CVE
added 2026/03/13 1:18 a.m. | 2 views

CVE-2026-22203

wpDiscuz before 7.6.47 has an information disclosure vulnerability: exporting plugin options as JSON can leak plaintext OAuth secrets (e.g., fbAppSecret, googleClientSecret, twitterAppSecret, and other social-login credentials) via support tickets, backups, or version control repositories. The CV...

CVSS 6.9 | AI score 5.8 | EPSS 0.00051
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2026/03/13 1:18 a.m. | 23 views

CVE-2026-22191 Beghelli Sicuro24 SicuroWeb AngularJS Template Injection

Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by...

CVSS 5.2 | EPSS 0.00009
Exploits 0 | References 5

CNNVD
added 2026/03/13 12:0 a.m. | 2 views

WordPress plugin wpDiscuz cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.1 | AI score 5.6 | EPSS 0.00052
Exploits 0 | References 3

Positive Technologies
added 2026/03/13 12:0 a.m. | 1 view

PT-2026-25143

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret...

CVSS 6.9 | AI score 5.8 | EPSS 0.00051
Exploits 0 | References 3

CNNVD
added 2026/03/13 12:0 a.m. | 3 views

WordPress plugin wpDiscuz cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.1 | AI score 5.7 | EPSS 0.00052
Exploits 0 | References 3

GithubExploit
added 2026/02/01 4:32 p.m. | 183 views

Exploit for Unrestricted Upload of File with Dangerous Type in Gvectors Wpdiscuz

wpDiscuz-7.0.4-PoC-RCE - wpDiscuz 7.0.4 - Unauthenticated RCE...

CVSS 10 | AI score 7.4 | EPSS 0.94198
Exploits 18

RedhatCVE
added 2026/01/07 9:12 a.m. | 4 views

CVE-2024-2477

The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 5.8 | EPSS 0.00109
Exploits 0 | References 1

Patchstack
added 2026/01/01 7:55 a.m. | 3 views

WordPress Comments - wpDiscuz plugin < 7.6.40 - Unauthenticated Account Takeover vulnerability

WordPress Comments - wpDiscuz plugin < 7.6.40 - Unauthenticated Account Takeover vulnerability discovered by wcraft in WordPress Plugin wpDiscuz versions < 7.6.40...

CVSS 5.3 | AI score 6.8 | EPSS 0.00035
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2026/01/01 6:0 a.m. | 20 views

CVE-2025-13820 Comments – wpDiscuz < 7.6.40 - Unauthenticated Account Takeover

The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user when knowing their email address when such user does not have an account on disqus.com yet...

EPSS 0.00035
Exploits 0 | References 1

Vulnrichment
added 2026/01/01 6:0 a.m. | 2 views

CVE-2025-13820 Comments – wpDiscuz < 7.6.40 - Unauthenticated Account Takeover

The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user when knowing their email address when such user does not have an account on disqus.com yet...

AI score 6.3 | EPSS 0.00035
Exploits 0 | References 1

Cvelist
added 2025/12/30 10:47 a.m. | 19 views

CVE-2025-68997 WordPress wpDiscuz plugin <= 7.6.43 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpDiscuz: from n/a through <= 7.6.43...

CVSS 5.3 | EPSS 0.00032
Exploits 0 | References 1

CVE
added 2025/12/30 10:47 a.m. | 6 views

CVE-2025-68997

Technical details about CVE-2025-68997 are not provided in the connected documents. Public disclosures, affected versions, exploit information, and fixes are not available here. Monitor for updates from vendors/security advisories.

CVSS 5.3 | AI score 5.9 | EPSS 0.00032
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-11649

Malware in sbrugna...

CVSS 4.8 | AI score 5 | EPSS 0.00206
Exploits 2 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-11718

Malware in sbrugna...

CVSS 4.3 | AI score 4.7 | EPSS 0.00143
Exploits 2 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-44497

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.4 | EPSS 0.00221
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-47748

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.6 | EPSS 0.08433
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-44621

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.4 | EPSS 0.00221
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-51873

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 9.1 | EPSS 0.0007
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-27426

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 6.4 | EPSS 0.00109
Exploits 0 | References 2