PT-2026-25144 · Gvectors · Wpdiscuz

Scott Moore · Published 2026-03-13 · Updated 2026-03-13 · CVE-2026-22204

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

wpDiscuz versions prior to 7.6.47

Description

The software contains an email header injection issue that allows attackers to manipulate email recipients. The attacker injects malicious data into the comment author email cookie. When the injected value is processed by the urldecode() function and passed to the wp_mail() function, it enables header injection, potentially altering email recipients or adding extra headers.

Recommendations

Update wpDiscuz to version 7.6.47 or later.
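A detection check for the issue described above, added here as an example and not code from wpDiscuz or from this advisory: it inspects Cookie headers for a comment author email value that, after repeated percent-decoding, contains control characters or is not a single address. The `comment_author_email` cookie-name prefix, the patterns and the sample headers are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: the cookie follows WordPress's comment_author_email_<hash> naming.
COOKIE_PREFIX = "comment_author_email"
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")  # includes CR and LF
SINGLE_ADDRESS = re.compile(r"[^@\s,;<>]+@[^@\s,;<>]+\.[^@\s,;<>]+")
MAX_DECODE_ROUNDS = 5


def fully_decode(value):
    """Percent-decode until stable, so nested encoding is also unwrapped.
    '+' is left untouched so plus-addressed mailboxes are not mangled."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_cookie_header(header):
    """Return (cookie_name, reason) for each unsafe comment author email cookie."""
    findings = []
    for part in header.split(";"):
        name, sep, raw = part.strip().partition("=")
        if not sep or not name.startswith(COOKIE_PREFIX):
            continue
        decoded = fully_decode(raw)
        if CONTROL_CHARS.search(decoded):
            findings.append((name, "control character after decoding"))
        elif not SINGLE_ADDRESS.fullmatch(decoded):
            findings.append((name, "not a single email address"))
    return findings


# Constructed sample Cookie headers (not taken from real traffic).
SAMPLES = [
    "comment_author_email_abc123=alice%40example.com; other=1",
    "comment_author_email_abc123=alice%40example.com%0D%0AX-Constructed%3A%201",
    "comment_author_email_abc123=alice%2540example.com%250aX-Constructed%253A%25201",
    "comment_author_email_abc123=alice%40example.com%2C%20bob%40example.com",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(inspect_cookie_header(header) or "clean", "<-", header)
```

The same two conditions (no control characters, exactly one address) are what a server-side check should enforce on the decoded value before it is used as a mail recipient.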

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2026-22204

Affected Products

Wpdiscuz