CVE-2026-22192

Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access...

EUVD-2026-11750

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like alert1 in the custom CSS setting to execute arbitrary JavaScript i...

CVE-2026-22210

CVE-2026-22210 affects the WordPress plugin wpDiscuz prior to version 7.6.47. The issue is a cross-site scripting (XSS) vulnerability in the WpdiscuzHelperUpload class that allows injecting arbitrary JavaScript into image and anchor tag attributes via unescaped attachment URLs in HTML output. Att...

CVE-2026-22204 wpDiscuz before 7.6.47 - Unsanitized Cookie Email Used as wp_mail() Recipient

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the commentauthoremail cookie. Attackers can craft a malicious cookie value that, when processed through urldecode and passed to wpmail...

CVE-2026-22199

Technical details for CVE-2026-22199 are not publicly available in the provided connected documents. Monitor for updates from the vendor and CVE feeds.

CVE-2026-22191

Beghelli Sicuro24 SicuroWeb is affected by an AngularJS 1.5.2-based template injection chain that can lead to arbitrary JavaScript execution in operator browser sessions. The root cause is improper handling of untrusted input in AngularJS template contexts, combined with an end-of-life AngularJS ...

CVE-2026-22182

Summary of CVE-2026-22182 : The wpDiscuz plugin is affected by an unauthenticated denial-of-service vulnerability in versions prior to 7.6.47. An anonymous attacker can trigger mass notification emails by abusing checkNotificationType() through repeated calls to wpdiscuz-ajax.php, using arbitrary...

PT-2026-25146

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary...

PT-2026-25140

wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by obtaining fresh nonces and bypassing rate limiting through client-controlled headers. Attackers can vary User-Agent headers to reset rate limits, request nonces from the...

CVE-2023-45760

Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through = 7.6.3...

EUVD-2023-50530

Malicious code in bioql PyPI...

CVE-2024-35681

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in gVectors Team wpDiscuz allows Stored XSS.This issue affects wpDiscuz: from n/a through 7.6.18...

CVE-2023-46309

Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through = 7.6.10...

CVE-2023-45760

Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through = 7.6.3...

CVE-2023-45760

Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.3...

WordPress plugin wpDiscuz 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress wpDiscuz plugin <= 7.6.24 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by wesley wcraft in WordPress Plugin wpDiscuz versions = 7.6.24...

Exploit for Unrestricted Upload of File with Dangerous Type in Gvectors Wpdiscuz

CVE-2020-24186 reverse shell upload Exploit for WpDiscuz 7.0.4...

Exploit for Unrestricted Upload of File with Dangerous Type in Gvectors Wpdiscuz

CVE-2020-24186-exploit CVE-2020-24186的攻击脚本 E...

Exploit for Unrestricted Upload of File with Dangerous Type in Gvectors Wpdiscuz

POC CVE-2020-24186-wpDiscuz-7.0.4-RCE WordPress wpDiscuz 7.0...