Skip to main content

Wpdiscuz CVE-2026-22199

| EUVDEUVD-2026-11745 HIGH
Authentication Bypass by Spoofing (CWE-290)
2026-03-13 VulnCheck
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Re-analysis Queued
Apr 22, 2026 - 19:22 vuln.today
cvss_changed
Severity Changed
Apr 22, 2026 - 19:22 NVD
MEDIUM HIGH
CVSS changed
Apr 22, 2026 - 19:22 NVD
5.3 (MEDIUM) 8.7 (HIGH)
Patch released
Mar 17, 2026 - 20:26 nvd
Patch available
EUVD ID Assigned
Mar 13, 2026 - 07:58 euvd
EUVD-2026-11745
Analysis Generated
Mar 13, 2026 - 07:58 vuln.today
CVE Published
Mar 13, 2026 - 01:18 nvd
MEDIUM 5.3

DescriptionCVE.org

wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by obtaining fresh nonces and bypassing rate limiting through client-controlled headers. Attackers can vary User-Agent headers to reset rate limits, request nonces from the unauthenticated wpdGetNonce endpoint, and vote multiple times using IP rotation or reverse proxy header manipulation.

AnalysisAI

wpDiscuz before version 7.6.47 contains a vote manipulation vulnerability that allows unauthenticated attackers to artificially inflate or deflate comment votes through nonce bypass and rate limit evasion techniques. Attackers can obtain fresh nonces from the unauthenticated wpdGetNonce endpoint, rotate User-Agent headers to reset rate limits, and manipulate votes using IP rotation or reverse proxy header injection. While the CVSS score is moderate at 5.3, the vulnerability has low attack complexity and requires no privileges or user interaction, making it readily exploitable in practice.

Technical ContextAI

wpDiscuz is a popular WordPress comment plugin that implements a voting system for user comments. The vulnerability stems from inadequate security controls in the nonce generation and validation mechanisms, classified under CWE-290 (Authentication Bypass by Spoofing), combined with insufficient rate limiting tied to client-controlled headers. The plugin's wpdGetNonce endpoint fails to require authentication, allowing attackers to obtain valid nonces without authorization. The rate limiting implementation relies on User-Agent and IP-based detection, which can be trivially bypassed by varying the User-Agent string or using reverse proxy header manipulation (X-Forwarded-For, X-Real-IP). The affected product is identified by CPE references for Wordpress plugin wpDiscuz versions prior to 7.6.47.

RemediationAI

Immediately upgrade wpDiscuz to version 7.6.47 or later, which contains fixes for nonce validation and rate limiting. The upgrade is available via the WordPress plugin dashboard and at the official wpDiscuz repository. Until upgrading is possible, implement workarounds by restricting vote endpoint access via Web Application Firewall (WAF) rules that validate nonce parameters more strictly, implement server-side rate limiting independent of client-provided headers (using database-backed or token-bucket rate limiting keyed to actual client IP via trusted reverse proxy headers only), and consider disabling the vote feature temporarily if it is non-critical. Additionally, configure your reverse proxy to ignore untrusted headers and enforce a strict whitelist of allowed origin IPs for vote requests.

CVE-2020-24186 CRITICAL POC
10.0 Aug 24

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allo

CVE-2020-13640 CRITICAL POC
9.8 Jun 18

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute

CVE-2024-9488 CRITICAL
9.8 Oct 25

The Comments - wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including

CVE-2026-22192 HIGH
8.8 Mar 13

Medium severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains a stored cross-site script

CVE-2023-47775 HIGH
8.8 Nov 22

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments - wpDiscuz plugin <= 7.6.11 versions. Rated hi

CVE-2022-43492 HIGH
8.8 Nov 18

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch

CVE-2021-24737 MEDIUM POC
4.8 Oct 11

The Comments - wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow mess

CVE-2021-24806 MEDIUM POC
4.3 Nov 08

The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could a

CVE-2026-22193 HIGH
8.1 Mar 13

High severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains an SQL injection vulnerabili

CVE-2026-22202 HIGH
8.1 Mar 13

High severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains a cross-site request forgery

CVE-2026-22182 HIGH
7.5 Mar 13

High severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains an unauthenticated denial of

CVE-2022-23984 HIGH
7.5 Feb 21

Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11). Rated high severity (CVSS

Share

CVE-2026-22199 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy