Skip to main content

Wpdiscuz CVE-2026-22193

| EUVDEUVD-2026-11744 HIGH
SQL Injection (CWE-89)
2026-03-13 VulnCheck
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 17, 2026 - 20:27 nvd
Patch available
EUVD ID Assigned
Mar 13, 2026 - 07:58 euvd
EUVD-2026-11744
Analysis Generated
Mar 13, 2026 - 07:58 vuln.today
CVE Published
Mar 13, 2026 - 01:18 nvd
HIGH 8.1

DescriptionCVE.org

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation_key, subscription_date, and imported_from parameters to manipulate database queries and extract sensitive information.

AnalysisAI

High severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation_key, subscription_date, and imported_from parameters to manipulate database queries and extract sensitive information.

Technical ContextAI

Vulnerability Type: SQL Injection (CWE-89) CVSS 3.1: 8.1/10.0 — Attack Vector: Network | Complexity: High | Privileges Required: None | User Interaction: None Attack Techniques: Sqli Source: VulnCheck SQL injection allows attackers to manipulate database queries, potentially reading, modifying, or deleting data.

RemediationAI

Patches available:

  • https://wordpress.org/plugins/wpdiscuz/#developers

Update to the latest patched version as soon as possible.

CVE-2020-24186 CRITICAL POC
10.0 Aug 24

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allo

CVE-2020-13640 CRITICAL POC
9.8 Jun 18

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute

CVE-2024-9488 CRITICAL
9.8 Oct 25

The Comments - wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including

CVE-2026-22192 HIGH
8.8 Mar 13

Medium severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains a stored cross-site script

CVE-2023-47775 HIGH
8.8 Nov 22

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments - wpDiscuz plugin <= 7.6.11 versions. Rated hi

CVE-2022-43492 HIGH
8.8 Nov 18

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch

CVE-2021-24737 MEDIUM POC
4.8 Oct 11

The Comments - wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow mess

CVE-2026-22199 HIGH
8.7 Mar 13

wpDiscuz before version 7.6.47 contains a vote manipulation vulnerability that allows unauthenticated attackers to artif

CVE-2021-24806 MEDIUM POC
4.3 Nov 08

The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could a

CVE-2026-22202 HIGH
8.1 Mar 13

High severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains a cross-site request forgery

CVE-2026-22182 HIGH
7.5 Mar 13

High severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains an unauthenticated denial of

CVE-2022-23984 HIGH
7.5 Feb 21

Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11). Rated high severity (CVSS

Share

CVE-2026-22193 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy