| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-22216 | wpDiscuz before 7.6.47 - No Rate Limiting on Subscription Endpoints with LIKE Wildcard Bypass | gVectors | wpDiscuz | Medium | 6.5 | 2026-03-13 01:18:17 | Deep Dive |
| CVE-2026-22215 | wpDiscuz before 7.6.47 - Missing CSRF Protection on wpdGetFollowsPage | gVectors | wpDiscuz | Medium | 4.3 | 2026-03-13 01:18:15 | Deep Dive |
| CVE-2026-22210 | wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Attachment URLs | gVectors | wpDiscuz | Medium | 4.4 | 2026-03-13 01:18:14 | Deep Dive |
| CVE-2026-22209 | wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Custom CSS in Style Tag | gVectors | wpDiscuz | Medium | 5.5 | 2026-03-13 01:18:13 | Deep Dive |
| CVE-2026-22204 | wpDiscuz before 7.6.47 - Unsanitized Cookie Email Used as wp_mail() Recipient | gVectors | wpDiscuz | Low | 3.7 | 2026-03-13 01:18:12 | Deep Dive |
| CVE-2026-22203 | wpDiscuz before 7.6.47 - Options Export Leaks OAuth Secrets in Plaintext | gVectors | wpDiscuz | Medium | 4.9 | 2026-03-13 01:18:10 | Deep Dive |
| CVE-2026-22202 | wpDiscuz before 7.6.47 - Destructive GET Action Deletes All Comments by Email | gVectors | wpDiscuz | High | 8.1 | 2026-03-13 01:18:09 | Deep Dive |
| CVE-2026-22201 | wpDiscuz before 7.6.47 - IP Address Spoofing in getIP() | gVectors | wpDiscuz | Medium | 5.3 | 2026-03-13 01:18:07 | Deep Dive |
| CVE-2026-22193 | wpDiscuz before 7.6.47 - SQL Injection in getAllSubscriptions() | gVectors | wpDiscuz | High | 8.1 | 2026-03-13 01:18:05 | Deep Dive |
| CVE-2026-22183 | wpDiscuz before 7.6.47 - Stored Cross-Site Scripting in Inline Comment Preview | gVectors | wpDiscuz | Medium | 6.1 | 2026-03-13 01:18:01 | Deep Dive |
| CVE-2026-22182 | wpDiscuz before 7.6.47 - Unauthenticated Email Notification Flood via wpdCheckNotificationType | gVectors | wpDiscuz | High | 7.5 | 2026-03-13 01:17:59 | Deep Dive |
| CVE-2025-68997 | WordPress wpDiscuz plugin <= 7.6.43 - Insecure Direct Object References (IDOR) vulnerability | AdvancedCoding | wpDiscuz | Medium | - | 2025-12-30 10:47:52 | Deep Dive |
| CVE-2025-59591 | WordPress wpDiscuz Plugin <= 7.6.33 - Broken Access Control Vulnerability | AdvancedCoding | wpDiscuz | Medium | 4.3 | 2025-09-22 18:25:46 | Deep Dive |
| CVE-2023-46309 | WordPress wpDiscuz plugin <= 7.6.10 - Broken Access Control vulnerability | AdvancedCoding | wpDiscuz | Medium | - | 2025-01-02 12:00:17 | Deep Dive |
| CVE-2023-45760 | WordPress wpDiscuz plugin <= 7.6.3 - Broken Access Control vulnerability | AdvancedCoding | wpDiscuz | Medium | - | 2025-01-02 11:59:54 | Deep Dive |
| CVE-2024-9488 | Comments – wpDiscuz <= 7.6.24 - Authentication Bypass via WordPress.com OAuth provider | advancedcoding | Comments – wpDiscuz | Critical | 9.8 | 2024-10-25 05:35:29 | Deep Dive |
| CVE-2024-6704 | Comments – wpDiscuz <= 7.6.21 - Unauthenticated HTML Injection | advancedcoding | Comments – wpDiscuz | Medium | 5.3 | 2024-08-02 10:59:33 | Deep Dive |
| CVE-2024-35681 | WordPress wpDiscuz plugin <= 7.6.18 - Cross Site Scripting (XSS) vulnerability | gVectors Team | wpDiscuz | Medium | 6.5 | 2024-06-08 15:00:14 | Deep Dive |
| CVE-2023-46310 | WordPress wpDiscuz plugin <= 7.6.10 - Content Injection vulnerability | gVectors Team | wpDiscuz | Medium | 5.3 | 2024-06-04 09:19:42 | Deep Dive |
| CVE-2024-2477 | wpDiscuz <= 7.6.15 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text | advancedcoding | Comments – wpDiscuz | Medium | 6.4 | 2024-04-23 13:50:41 | Deep Dive |