Lucene search
+L
GvectorsWpdiscuz

33 matches found

CVE
CVE
added 2026/03/13 1:17 a.m.233 views

CVE-2026-22182

Summary of CVE-2026-22182 : The wpDiscuz plugin is affected by an unauthenticated denial-of-service vulnerability in versions prior to 7.6.47. An anonymous attacker can trigger mass notification emails by abusing checkNotificationType() through repeated calls to wpdiscuz-ajax.php, using arbitrary...

8.7CVSS5.9AI score0.00524EPSS
Web
CVE
CVE
added 2020/08/24 1:2 p.m.204 views

CVE-2020-24186

CVE-2020-24186 affects the WordPress wpDiscuz plugin (versions 7.0.0 through 7.0.4). The flaw allows unauthenticated attackers to upload arbitrary files via the wmuUploadFiles AJAX action, enabling remote code execution (RCE) by uploading PHP content. Public exploits and PoCs in the connected doc...

10CVSS9.6AI score0.94535EPSS
Web
CVE
CVE
added 2022/02/21 5:49 p.m.152 views

CVE-2022-23984

CVE-2022-23984 affects the WordPress wpDiscuz plugin (versions ≤ 7.3.11) with a sensitive information disclosure vulnerability. Root cause and exact exploit path are not detailed in the provided documents, but remediation is to update to the latest available version, at least 7.3.12 (as noted by ...

7.5CVSS5.5AI score0.01109EPSS
CVE
CVE
added 2024/04/23 1:50 p.m.96 views

CVE-2024-2477

CVE-2024-2477 affecting wpDiscuz for WordPress: Stored XSS via the image Alt text in image uploads exists in all versions up to 7.6.15 due to insufficient input sanitization/output escaping. The Red Hat advisory and Wordfence note describe the vulnerability as present in wpDiscuz and detail that ...

6.4CVSS5.7AI score0.0034EPSS
CVE
CVE
added 2023/11/22 6:23 p.m.82 views

CVE-2023-47775

CVE-2023-47775 : Cross-Site Request Forgery in the WordPress plugin wpDiscuz (gVectors Team Comments) affects versions

8.8CVSS6.5AI score0.00261EPSS
CVE
CVE
added 2024/10/25 5:35 a.m.79 views

CVE-2024-9488

CVE-2024-9488 concerns the WordPress plugin Comments – wpDiscuz (versions ≤ 7.6.24). The flaw is an authentication bypass caused by insufficient verification of the user returned by the social login token, enabling unauthenticated attackers to log in as any existing user (including administrators...

9.8CVSS9.7AI score0.0081EPSS
CVE
CVE
added 2023/10/20 7:29 a.m.75 views

CVE-2023-3998

CVE-2023-3998 affects the WordPress wpDiscuz plugin. The vulnerability is an unauthorized data modification flaw due to a missing authorization check in the helper workflow (function: userRate), impacting versions up to and including 7.6.3. An unauthenticated attacker can increase or decrease a p...

5.3CVSS5.5AI score0.00401EPSS
CVE
CVE
added 2025/01/02 11:59 a.m.74 views

CVE-2023-45760

CVE-2023-45760: wpDiscuz

8.8CVSS7.3AI score0.004EPSS
CVE
CVE
added 2020/06/18 2:34 p.m.70 views

CVE-2020-13640

The CVE-2020-13640 issue affects the WordPress plugin wpDiscuz (gVectors) versions up to 5.3.5. The vulnerability is a SQL injection in the wpdLoadMoreComments request, exploitable via the order parameter, enabling an attacker to execute arbitrary SQL commands. Impact is unauthenticated remote ex...

9.8CVSS10AI score0.12706EPSS
CVE
CVE
added 2025/01/02 12:0 p.m.70 views

CVE-2023-46309

CVE-2023-46309 affects WordPress plugin wpDiscuz prior to version 7.6.11, where a Missing Authorization flaw in access control allows unauthenticated users to perform restricted actions due to broken access control. Publicly known details indicate the affected range is wpDiscuz

7.3CVSS5.8AI score0.00347EPSS
CVE
CVE
added 2023/12/20 1:32 p.m.68 views

CVE-2023-46311

CVE-2023-46311 refers to the WordPress plugin wpDiscuz (Comments)

6.5CVSS7.1AI score0.00527EPSS
CVE
CVE
added 2022/11/18 10:8 p.m.65 views

CVE-2022-43492

CVE-2022-43492 affects WordPress with the wpDiscuz plugin at version 7.4.2. It is an Insecure Direct Object References (IDOR) in the Comments feature. The NVD entry lists CVSS v3.1 base metrics: 8.8 (High) with NEURAL: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; PatchStack cites a lower impact vector. R...

8.8CVSS6.4AI score0.00593EPSS
CVE
CVE
added 2023/10/20 7:29 a.m.62 views

CVE-2023-3869

CVE-2023-3869 affects the WordPress wpDiscuz plugin (versions up to and including 7.6.3). The issue is an unauthorized modification of data due to a missing authorization check in the voteOnComment function, enabling unauthenticated attackers to increase or decrease a comment’s rating (IDOR-like ...

5.3CVSS5.5AI score0.00401EPSS
CVE
CVE
added 2021/10/11 10:45 a.m.61 views

CVE-2021-24737

CVE-2021-24737 affects the WordPress wpDiscuz plugin up to v7.3.0. It fails to sanitize/escape Follow and Unfollow messages, enabling Stored XSS by high-privilege users even when unfiltered_html is disallowed. Exploitation vectors are via output on pages and documented PoCs exist in multiple sour...

4.8CVSS4.8AI score0.00598EPSS
CVE
CVE
added 2023/11/06 10:56 a.m.60 views

CVE-2023-47185

CVE-2023-47185: Unauth. stored XSS in the WordPress wpDiscuz plugin (gVectors Team Comments) affects versions

7.1CVSS5.8AI score0.0037EPSS
CVE
CVE
added 2024/06/08 3:0 p.m.60 views

CVE-2024-35681

CVE-2024-35681 pertains to wpDiscuz (gVectors Team) and is a Stored XSS vulnerability described as Improper Neutralization of Input During Web Page Generation. Affected: wpDiscuz versions from n/a through 7.6.18. The vulnerability type is Cross-site Scripting with Stored payloads; exploitation co...

6.5CVSS6.2AI score0.00261EPSS
CVE
CVE
added 2024/06/04 9:19 a.m.54 views

CVE-2023-46310

CVE-2023-46310 describes a Content Injection vulnerability in the WordPress plugin wpDiscuz (gVectors Team) affecting versions up to 7.6.10. The issue is due to improper neutralization of script-related HTML tags, enabling code injection via wpDiscuz content. Public sources in the connected docum...

6.1CVSS5.4AI score0.00283EPSS
CVE
CVE
added 2021/11/08 5:35 p.m.52 views

CVE-2021-24806

CVE-2021-24806 documents a CSRF vulnerability in the WordPress plugin wpDiscuz, affecting versions before 7.3.4. The flaw is a CSRF check failure for adding, editing, and deleting comments, enabling an attacker to cause logged-in users (including admins or the comment author) to edit/delete arbit...

4.3CVSS4.5AI score0.00467EPSS
Web
CVE
CVE
added 2024/02/01 10:57 a.m.46 views

CVE-2023-51691

CVE-2023-51691 concerns the WordPress plugin wpDiscuz, where versions n/a through 7.6.12 are affected by a Stored Cross-Site Scripting (XSS) vulnerability due to improper neutralization of input during web page generation. The root cause is input not being properly sanitized, enabling an attacker...

5.9CVSS5.1AI score0.00336EPSS
CVE
CVE
added 2024/08/02 10:59 a.m.42 views

CVE-2024-6704

The CVE-2024-6704 entry applies to the WordPress plugin Comments – wpDiscuz. Affected versions are

6.1CVSS5.4AI score0.00596EPSS
CVE
CVE
added 2026/03/13 1:18 a.m.34 views

CVE-2026-22191

Beghelli Sicuro24 SicuroWeb is affected by an AngularJS 1.5.2-based template injection chain that can lead to arbitrary JavaScript execution in operator browser sessions. The root cause is improper handling of untrusted input in AngularJS template contexts, combined with an end-of-life AngularJS ...

5.2CVSS6.1AI score0.00362EPSS
CVE
CVE
added 2026/03/13 1:18 a.m.21 views

CVE-2026-22193

wpDiscuz plugin (before version 7.6.47) contains an SQL injection in getAllSubscriptions caused by improper quote escaping for parameters email, activation_key, subscription_date, and imported_from. This allows altering queries and potentially exfiltrating sensitive data. CVSS metrics indicate hi...

9.2CVSS5.9AI score0.00305EPSS
CVE
CVE
added 2026/03/13 1:18 a.m.21 views

CVE-2026-22199

Technical details for CVE-2026-22199 are not publicly available in the provided connected documents. Monitor for updates from the vendor and CVE feeds.

8.7CVSS5.8AI score0.00976EPSS
CVE
CVE
added 2026/03/13 1:18 a.m.21 views

CVE-2026-22201

wpDiscuz before 7.6.47 is affected by an IP spoofing vulnerability in the getIP() function. By trusting untrusted HTTP headers (HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR), an attacker can spoof their IP address and bypass IP-based rate limiting and ban enforcement. The CVE entry specifies the issue ...

6.9CVSS5.8AI score0.00152EPSS
CVE
CVE
added 2026/03/13 1:18 a.m.20 views

CVE-2026-22209

The CVE concerns wpDiscuz before 7.6.47, where a cross-site scripting (XSS) flaw exists in the customCss field. The underlying issue allows an administrator to break out of style tags and inject scripts (for example, ), enabling arbitrary JavaScript execution in the browsers of users. The vulnera...

5.5CVSS5.9AI score0.00222EPSS
CVE
CVE
added 2026/03/13 1:18 a.m.18 views

CVE-2026-22183

CVE-2026-22183 affects the WordPress wpDiscuz plugin prior to 7.6.47. The stored XSS occurs in the inline comment preview, where comment content rendered in the AJAX response from getLastInlineComments() in class.WpdiscuzHelperAjax.php is not properly HTML escaped. Attackers with unfiltered_html ...

6.1CVSS5.6AI score0.00169EPSS
CVE
CVE
added 2026/03/13 1:18 a.m.18 views

CVE-2026-22203

wpDiscuz before 7.6.47 has an information disclosure vulnerability: exporting plugin options as JSON can leak plaintext OAuth secrets (e.g., fbAppSecret, googleClientSecret, twitterAppSecret, and other social-login credentials) via support tickets, backups, or version control repositories. The CV...

6.9CVSS5.8AI score0.00274EPSS
CVE
CVE
added 2026/03/13 1:18 a.m.16 views

CVE-2026-22192

Technical details are not publicly available in the provided documents. Monitor for updates.

9.9CVSS5.8AI score0.0027EPSS
CVE
CVE
added 2026/03/13 1:18 a.m.15 views

CVE-2026-22202

wpDiscuz before 7.6.47 is affected by a cross-site request forgery that lets an attacker delete all comments for a target email by triggering a crafted GET request containing a valid HMAC key. The attacker can embed the deletecomments action URL in image tags or other resources to cause permanent...

8.1CVSS5.7AI score0.00166EPSS
CVE
CVE
added 2026/03/13 1:18 a.m.15 views

CVE-2026-22216

wpDiscuz 7.6.46 and earlier is affected by a missing rate-limiting vulnerability in the wpdAddSubscription handler (class.WpdiscuzHelperAjax.php). Unauthenticated attackers can submit POST requests to subscribe arbitrary email addresses to post notifications, abusing LIKE wildcard matching in the...

6.9CVSS5.9AI score0.0032EPSS
CVE
CVE
added 2026/03/13 1:18 a.m.14 views

CVE-2026-22210

CVE-2026-22210 affects the WordPress plugin wpDiscuz prior to version 7.6.47. The issue is a cross-site scripting (XSS) vulnerability in the WpdiscuzHelperUpload class that allows injecting arbitrary JavaScript into image and anchor tag attributes via unescaped attachment URLs in HTML output. Att...

6.1CVSS5.8AI score0.00161EPSS
CVE
CVE
added 2026/03/13 1:18 a.m.14 views

CVE-2026-22215

wpDiscuz prior to 7.6.47 is affected by a CSRF flaw in getFollowsPage that allows triggering unauthorized actions without nonce validation. The vulnerability enables an attacker to craft requests to enumerate follow relationships and alter user follow data via the follows page handler. Root cause...

5.4CVSS5.7AI score0.00153EPSS
CVE
CVE
added 2026/03/13 1:18 a.m.12 views

CVE-2026-22204

wpDiscuz prior to 7.6.47 has an email header injection due to unsanitized comment_author_email cookie. An attacker can craft a cookie value that, after urldecode() is processed by wp_mail(), injects headers or alters recipients. The exact impact and exploit status are not elaborated beyond the de...

6.3CVSS5.8AI score0.00221EPSS