The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment.
5.3CVSS
5.5AI Score
0.001EPSS
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post.
5.3CVSS
5.5AI Score
0.001EPSS
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments β wpDiscuz.This issue affects Comments β wpDiscuz: from n/a through 7.6.3.
6.5CVSS
6.4AI Score
0.001EPSS
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments β wpDiscuz plugin <= 7.6.11 versions.
6.1CVSS
5.7AI Score
0.0005EPSS
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments β wpDiscuz plugin <= 7.6.11 versions.
8.8CVSS
8.8AI Score
0.001EPSS