| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-22216 | wpDiscuz before 7.6.47 - No Rate Limiting on Subscription Endpoints with LIKE Wildcard Bypass | gVectors | wpDiscuz | Medium | 6.5 | 2026-03-13 01:18:17 | Deep Dive |
| CVE-2026-22215 | wpDiscuz before 7.6.47 - Missing CSRF Protection on wpdGetFollowsPage | gVectors | wpDiscuz | Medium | 4.3 | 2026-03-13 01:18:15 | Deep Dive |
| CVE-2026-22210 | wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Attachment URLs | gVectors | wpDiscuz | Medium | 4.4 | 2026-03-13 01:18:14 | Deep Dive |
| CVE-2026-22209 | wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Custom CSS in Style Tag | gVectors | wpDiscuz | Medium | 5.5 | 2026-03-13 01:18:13 | Deep Dive |
| CVE-2026-22204 | wpDiscuz before 7.6.47 - Unsanitized Cookie Email Used as wp_mail() Recipient | gVectors | wpDiscuz | Low | 3.7 | 2026-03-13 01:18:12 | Deep Dive |
| CVE-2026-22203 | wpDiscuz before 7.6.47 - Options Export Leaks OAuth Secrets in Plaintext | gVectors | wpDiscuz | Medium | 4.9 | 2026-03-13 01:18:10 | Deep Dive |
| CVE-2026-22202 | wpDiscuz before 7.6.47 - Destructive GET Action Deletes All Comments by Email | gVectors | wpDiscuz | High | 8.1 | 2026-03-13 01:18:09 | Deep Dive |
| CVE-2026-22201 | wpDiscuz before 7.6.47 - IP Address Spoofing in getIP() | gVectors | wpDiscuz | Medium | 5.3 | 2026-03-13 01:18:07 | Deep Dive |
| CVE-2026-22193 | wpDiscuz before 7.6.47 - SQL Injection in getAllSubscriptions() | gVectors | wpDiscuz | High | 8.1 | 2026-03-13 01:18:05 | Deep Dive |
| CVE-2026-22183 | wpDiscuz before 7.6.47 - Stored Cross-Site Scripting in Inline Comment Preview | gVectors | wpDiscuz | Medium | 6.1 | 2026-03-13 01:18:01 | Deep Dive |
| CVE-2026-22182 | wpDiscuz before 7.6.47 - Unauthenticated Email Notification Flood via wpdCheckNotificationType | gVectors | wpDiscuz | High | 7.5 | 2026-03-13 01:17:59 | Deep Dive |
| CVE-2026-28562 | wpForo Forum 2.4.14 SQL Injection via Topics ORDER BY Parameter | gVectors Team | wpForo Forum | High | 8.2 | 2026-02-28 21:47:42 | Deep Dive |
| CVE-2026-28561 | wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates | gVectors Team | wpForo Forum | Medium | 5.5 | 2026-02-28 21:47:41 | Deep Dive |
| CVE-2026-28560 | wpForo Forum 2.4.14 Stored XSS via Unsafe JSON Encoding in Inline Script | gVectors Team | wpForo Forum | Medium | 5.5 | 2026-02-28 21:47:40 | Deep Dive |
| CVE-2026-28559 | wpForo Forum 2.4.14 Information Disclosure via Global RSS Feed | gVectors Team | wpForo Forum | Medium | 5.3 | 2026-02-28 21:47:39 | Deep Dive |
| CVE-2026-28558 | wpForo Forum 2.4.14 Stored XSS via SVG Avatar File Upload | gVectors Team | wpForo Forum | Medium | 6.4 | 2026-02-28 21:47:38 | Deep Dive |
| CVE-2026-28557 | wpForo Forum 2.4.14 Privilege Escalation via Role Synchronization Handler | gVectors Team | wpForo Forum | Medium | 6.5 | 2026-02-28 21:47:37 | Deep Dive |
| CVE-2026-28555 | wpForo Forum 2.4.14 Missing Authorization via Topic Close AJAX Handler | gVectors Team | wpForo Forum | Medium | 4.3 | 2026-02-28 21:47:36 | Deep Dive |
| CVE-2026-28556 | wpForo Forum 2.4.14 Missing Authorization via Topic Management Form Handlers | gVectors Team | wpForo Forum | Medium | 5.4 | 2026-02-28 21:47:36 | Deep Dive |
| CVE-2026-28554 | wpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX Handler | gVectors Team | wpForo Forum | Medium | 4.3 | 2026-02-28 21:47:34 | Deep Dive |