wpDiscuz — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in wpDiscuz, with AI-generated Chinese analysis, references, and POCs.

Vendor: gVectors Team

CVE ID	Title	CVSS	Severity	Published
CVE-2026-22216	wpDiscuz before 7.6.47 - No Rate Limiting on Subscription Endpoints with LIKE Wildcard Bypass CWE-799	6.5	Medium	2026-03-13
CVE-2026-22215	wpDiscuz before 7.6.47 - Missing CSRF Protection on wpdGetFollowsPage CWE-352	4.3	Medium	2026-03-13
CVE-2026-22210	wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Attachment URLs CWE-79	4.4	Medium	2026-03-13
CVE-2026-22209	wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Custom CSS in Style Tag CWE-79	5.5	Medium	2026-03-13
CVE-2026-22204	wpDiscuz before 7.6.47 - Unsanitized Cookie Email Used as wp_mail() Recipient CWE-20	3.7	Low	2026-03-13
CVE-2026-22203	wpDiscuz before 7.6.47 - Options Export Leaks OAuth Secrets in Plaintext CWE-200	4.9	Medium	2026-03-13
CVE-2026-22202	wpDiscuz before 7.6.47 - Destructive GET Action Deletes All Comments by Email CWE-352	8.1	High	2026-03-13
CVE-2026-22201	wpDiscuz before 7.6.47 - IP Address Spoofing in getIP() CWE-348	5.3	Medium	2026-03-13
CVE-2026-22193	wpDiscuz before 7.6.47 - SQL Injection in getAllSubscriptions() CWE-89	8.1	High	2026-03-13
CVE-2026-22183	wpDiscuz before 7.6.47 - Stored Cross-Site Scripting in Inline Comment Preview CWE-79	6.1	Medium	2026-03-13
CVE-2026-22182	wpDiscuz before 7.6.47 - Unauthenticated Email Notification Flood via wpdCheckNotificationType CWE-862	7.5	High	2026-03-13
CVE-2025-68997	WordPress wpDiscuz plugin <= 7.6.43 - Insecure Direct Object References (IDOR) vulnerability CWE-639	9.1	-	2025-12-30
CVE-2025-59591	WordPress wpDiscuz Plugin <= 7.6.33 - Broken Access Control Vulnerability CWE-862	4.3	Medium	2025-09-22
CVE-2023-46309	WordPress wpDiscuz plugin <= 7.6.10 - Broken Access Control vulnerability CWE-862	8.1	-	2025-01-02
CVE-2023-45760	WordPress wpDiscuz plugin <= 7.6.3 - Broken Access Control vulnerability CWE-862	8.1	-	2025-01-02
CVE-2024-35681	WordPress wpDiscuz plugin <= 7.6.18 - Cross Site Scripting (XSS) vulnerability CWE-79	6.5	Medium	2024-06-08
CVE-2023-46310	WordPress wpDiscuz plugin <= 7.6.10 - Content Injection vulnerability CWE-80	5.3	Medium	2024-06-04

All 17 known CVE vulnerabilities affecting wpDiscuz with full Chinese analysis, references, and POCs where available.