PT-2026-2165 · Beghelli+1 · Sicuroweb+1

Jean-Marie Bourbon +2 · Published 2026-01-09 · Updated 2026-04-22 · CVE-2026-22191

CVSS v3.1: 5.2 (Medium)

Vector: AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
wpDiscuz versions prior to 7.6.47

Description
The software contains a shortcode injection issue that allows attackers to execute arbitrary shortcodes by including them in comment content that is sent via email notifications. Attackers can inject shortcodes such as [contact-form-7] or [user_meta] within comments. These shortcodes are executed server-side when the WpdiscuzHelperEmail class processes notifications, because the comment content is passed through the do_shortcode() function before wp_mail() is called.

Recommendations
Update wpDiscuz to version 7.6.47 or later.
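
For triage on a site that ran an affected version, the following added example (not part of the original advisory or of the wpDiscuz code) scans comment text for shortcode tokens of the kind the description says were processed during email notifications. The sample comments, the REGISTERED_TAGS set and the function names are assumptions constructed for illustration.

```python
import re

# Opening shortcode token in WordPress syntax: [tag], [tag attr="x"], [tag /].
# Closing tags ([/tag]) are skipped; the opening tag is what gets reported.
SHORTCODE_RE = re.compile(
    r"(?P<esc_open>\[?)\[(?P<tag>[A-Za-z0-9_][A-Za-z0-9_-]*)"
    r"(?:\s[^\]]*)?\](?P<esc_close>\]?)"
)

# Assumption: tags registered on the site (on a real install, the keys of
# WordPress's $shortcode_tags global). These two are the ones the advisory names.
REGISTERED_TAGS = {"contact-form-7", "user_meta"}

# Constructed sample rows: (comment_ID, comment_content).
SAMPLE_COMMENTS = [
    (101, "Great post, thanks!"),
    (102, 'Hi [contact-form-7 id="1"] there'),
    (103, "How do I write [[user_meta]] in docs?"),
    (104, "see [user_meta] and footnote [1]"),
]


def find_shortcodes(text):
    """Return tag names of unescaped shortcode-like tokens in text."""
    tags = []
    for m in SHORTCODE_RE.finditer(text):
        # [[tag]] is WordPress's escape form: shown literally, never executed.
        if m.group("esc_open") and m.group("esc_close"):
            continue
        tags.append(m.group("tag"))
    return tags


def audit_comments(comments, registered=REGISTERED_TAGS):
    """Return (comment_id, tag, is_registered) for every token found."""
    findings = []
    for comment_id, content in comments:
        for tag in find_shortcodes(content):
            findings.append((comment_id, tag, tag in registered))
    return findings


if __name__ == "__main__":
    for cid, tag, live in audit_comments(SAMPLE_COMMENTS):
        status = "REGISTERED" if live else "unregistered"
        print(f"comment {cid}: [{tag}] ({status})")
```

Findings marked REGISTERED are the ones to review first; bracketed text whose tag is not registered on the site, such as a footnote marker, would not have matched any shortcode handler.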

Exploit

Fix

Code Injection

Weakness Enumeration

Related identifiers

CVE-2026-22191

Affected products

Sicuroweb
Wpdiscuz