EUVD-2026-11752
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Lifecycle Timeline
4Description
wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by exploiting the missing CSRF protection in the follows page handler.
Analysis
wpDiscuz before version 7.6.47 contains a cross-site request forgery (CSRF) vulnerability in the getFollowsPage() function that allows unauthenticated attackers to trigger unauthorized actions on behalf of legitimate users without valid nonce validation. An attacker can exploit this by crafting malicious requests to enumerate user follow relationships and manipulate follow data, potentially exposing private social graph information and allowing unauthorized modifications to user follow lists. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Verify anti-CSRF tokens are enforced.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today