PT-2026-25138 · Gvectors · Wpdiscuz

Scott Moore · Published 2026-03-13 · Updated 2026-03-13 · CVE-2026-22183

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

wpDiscuz versions prior to 7.6.47

Description

wpDiscuz contains a stored cross-site scripting issue in the inline comment preview functionality. Authenticated users can inject malicious scripts by submitting comments with unescaped content. Attackers with the unfiltered_html capability can inject JavaScript directly through comment content, which is rendered without proper HTML escaping in the AJAX response from the getLastInlineComments() function in class WpdiscuzHelperAjax.php.

Recommendations

Update wpDiscuz to version 7.6.47 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-22183

Affected Products

Wpdiscuz