Wpdiscuz
Medium severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard characters in the subscription query to match multiple email addresses and generate unwanted notific...
wpDiscuz before version 7.6.47 contains a cross-site request forgery (CSRF) vulnerability in the getFollowsPage() function: because the handler performs no valid nonce validation, unauthenticated attackers can trigger unauthorized actions on behalf of legitimate users. An attacker can exploit this by crafting malicious requests to enumerate user follow relationships and manipulate follow data, potentially exposing private social graph information and allowing unauthorized modifications to user follow lists. The CVSS score of 4.3 indicates low to moderate severity with limited direct impact; the vulnerability requires user interaction (UI:R), but the attack surface is network-accessible with no authentication requirement, which makes it practically exploitable in targeted phishing campaigns.
wpDiscuz before version 7.6.47 contains a stored cross-site scripting (XSS) vulnerability in the WpdiscuzHelperUpload class that fails to properly escape attachment URLs when rendering HTML output. Attackers with limited privileges (contributor level or higher) can inject malicious JavaScript through crafted attachment records or WordPress filter hooks, which executes in the browsers of any WordPress user viewing the affected comments. This vulnerability requires user interaction (victim must view the comment) and has moderate real-world impact due to the authentication requirement and user interaction factor, though successful exploitation could lead to session hijacking or credential theft from comment viewers.
wpDiscuz before version 7.6.47 contains an information disclosure vulnerability where the plugin's JSON export functionality inadvertently exposes OAuth secrets and social login credentials in plaintext. Administrators performing routine plugin option exports or backups unknowingly create files containing sensitive API secrets (Facebook App Secret, Google Client Secret, Twitter App Secret, and others) that can be discovered by attackers in support tickets, backup repositories, or version control systems. An attacker with network access can obtain these exported files to compromise social login integrations and gain unauthorized access to connected third-party services.
High severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the deletecomments action URL in image tags or other resources to trigger permanent deletion of comments without user confirmation or POST-based CSRF protection.
wpDiscuz before version 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows unauthenticated attackers to spoof their IP address by manipulating HTTP headers (HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR). This enables circumvention of IP-based rate limiting and ban enforcement mechanisms, allowing attackers to bypass security controls that rely on IP-based detection. The vulnerability has a CVSS score of 5.3 with low attack complexity and no authentication required, making it easily exploitable in network environments.
wpDiscuz before version 7.6.47 contains a vote manipulation vulnerability that allows unauthenticated attackers to artificially inflate or deflate comment votes through nonce bypass and rate limit evasion techniques. Attackers can obtain fresh nonces from the unauthenticated wpdGetNonce endpoint, rotate User-Agent headers to reset rate limits, and manipulate votes using IP rotation or reverse proxy header injection. While the CVSS score is moderate at 5.3, the vulnerability has low attack complexity and requires no privileges or user interaction, making it readily exploitable in practice.
High severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation_key, subscription_date, and imported_from parameters to manipulate database queries and extract sensitive information.
Medium severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by importing a crafted options file with unescaped customCss field values. Attackers can supply a malicious JSON import file containing script payloads in the customCss parameter that execute on every page when rendered through the options handler withou...
Medium severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfiltered_html capabilities can inject JavaScript directly through comment content rendered in the AJAX response from the getLastInlineComments() function...
High severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and comment_id parameters to flood subscribers with notifications, as the handler lacks nonce verification, authent...