Product
gvectors wpdiscuz
33 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-22216
< 7.6.47
wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary
6.5
MEDIUM
CVE-2026-22215
< 7.6.47
wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers
4.3
MEDIUM
CVE-2026-22210
< 7.6.47
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unesca
4.4
MEDIUM
CVE-2026-22209
< 7.6.47
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject m
5.5
MEDIUM
CVE-2026-22204
< 7.6.47
wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by inj
3.7
LOW
CVE-2026-22203
< 7.6.47
wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth s
4.9
MEDIUM
CVE-2026-22202
< 7.6.47
wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated
8.1
HIGH
CVE-2026-22201
< 7.6.47
wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-based rate
5.3
MEDIUM
CVE-2026-22199
< 7.6.47
Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint tha
7.5
HIGH
CVE-2026-22193
< 7.6.47
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack
8.1
HIGH
CVE-2026-22192
< 7.6.47
Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to
9.9
CRITICAL
CVE-2026-22191
< 7.6.47
Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expres
5.2
MEDIUM
CVE-2026-22183
< 7.6.47
wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allow
6.1
MEDIUM
CVE-2026-22182
< 7.6.47
wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass not
7.5
HIGH
CVE-2023-46309
< 7.6.11
Missing Authorization vulnerability in AdvancedCoding wpDiscuz allows Exploiting Incorrectly Configured Access Control Se
5.3
MEDIUM
CVE-2023-45760
< 7.6.4
Missing Authorization vulnerability in AdvancedCoding wpDiscuz allows Exploiting Incorrectly Configured Access Control Se
4.3
MEDIUM
CVE-2024-9488
< 7.6.25
The Comments - wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24.
9.8
CRITICAL
CVE-2024-6704
< 7.6.22
The Comments - wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is
5.3
MEDIUM
CVE-2024-35681
< 7.6.19
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in gVectors Team wpDiscu
6.5
MEDIUM
CVE-2023-46310
< 7.6.11
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpDiscuz allows Code
5.3
MEDIUM
CVE-2024-2477
< 7.6.16
The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded ima
6.4
MEDIUM
CVE-2023-51691
<= 7.6.12
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team Comments - wpD
5.9
MEDIUM
CVE-2023-46311
< 7.6.4
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments - wpDiscuz. This issue affects Comments -
2.7
LOW
CVE-2023-47775
< 7.6.12
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments, wpDiscuz plugin <= 7.6.11 versions.
4.3
MEDIUM
CVE-2023-47185
<= 7.6.11
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments, wpDiscuz plugin <= 7.6.11 versions.
7.1
HIGH
CVE-2023-3998
<= 7.6.3
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the u
5.3
MEDIUM
CVE-2023-3869
<= 7.6.3
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the v
5.3
MEDIUM
CVE-2022-43492
all versions
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments - wpDiscuz plugin 7.4.2 on WordPress.
4.3
MEDIUM
CVE-2022-23984
<= 7.3.11
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).
3.7
LOW
CVE-2021-24806
< 7.3.4
The wpDiscuz WordPress plugin before 7.3.4 does not check for CSRF when adding, editing and deleting comments, which could allow attac
4.3
MEDIUM
CVE-2021-24737
<= 7.3.0
The Comments - wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages befor
4.8
MEDIUM
CVE-2020-24186
>= 7.0 and <= 7.0.4
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthe
10.0
CRITICAL
CVE-2020-13640
<= 5.3.5
A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary
9.8
CRITICAL
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin