Wpdiscuz

This hub aggregates every CVE we track for Wpdiscuz, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Wpdiscuz.

• CVE-2026-22216wpDiscuz before 7.6.47 - No Rate Limiting on Subscription Endpoints with LIKE Wildcard Bypass6.5Mar 13, 2026
• CVE-2026-22215wpDiscuz before 7.6.47 - Missing CSRF Protection on wpdGetFollowsPage4.3Mar 13, 2026
• CVE-2026-22210wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Attachment URLs4.4Mar 13, 2026
• CVE-2026-22209wpDiscuz before 7.6.47 - Cross-Site Scripting via Unescaped Custom CSS in Style Tag5.5Mar 13, 2026
• CVE-2026-22204wpDiscuz before 7.6.47 - Unsanitized Cookie Email Used as wp_mail() Recipient3.7Mar 13, 2026
• CVE-2026-22203wpDiscuz before 7.6.47 - Options Export Leaks OAuth Secrets in Plaintext4.9Mar 13, 2026
• CVE-2026-22202wpDiscuz before 7.6.47 - Destructive GET Action Deletes All Comments by Email8.1Mar 13, 2026
• CVE-2026-22201wpDiscuz before 7.6.47 - IP Address Spoofing in getIP()5.3Mar 13, 2026
• CVE-2026-22199Voltronic Power SNMP Web Pro 1.1 Path Traversal via upload.cgi7.5Mar 13, 2026
• CVE-2026-22193wpDiscuz before 7.6.47 - SQL Injection in getAllSubscriptions()8.1Mar 13, 2026
• CVE-2026-22192Voltronic Power SNMP Web Pro 1.1 Authentication Bypass via localStorage9.9Mar 13, 2026
• CVE-2026-22191Beghelli Sicuro24 SicuroWeb AngularJS Template Injection5.2Mar 13, 2026
• CVE-2026-22183wpDiscuz before 7.6.47 - Stored Cross-Site Scripting in Inline Comment Preview6.1Mar 13, 2026
• CVE-2026-22182wpDiscuz before 7.6.47 - Unauthenticated Email Notification Flood via wpdCheckNotificationType7.5Mar 13, 2026
• CVE-2025-68997WordPress wpDiscuz plugin <= 7.6.43 - Insecure Direct Object References (IDOR) vulnerability5.3Dec 30, 2025