PT-2026-25139 · Gvectors · Wpdiscuz

Scott Moore · Published 2026-03-13 · Updated 2026-03-13 · CVE-2026-22193

CVSS v3.1: 8.1 High
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
wpDiscuz versions prior to 7.6.47

Description
wpDiscuz versions prior to 7.6.47 contain an SQL injection issue in the getAllSubscriptions() function. String parameters are not properly escaped in SQL queries, allowing attackers to inject malicious SQL code. The parameters susceptible to injection are email, activation key, subscription date, and imported from. Successful exploitation could allow attackers to manipulate database queries and extract sensitive information. It is estimated that over 100,000 WordPress sites running wpDiscuz are potentially affected.

Recommendations
Update wpDiscuz to version 7.6.47 or later.
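
The weakness class described above, modelled with Python's sqlite3 as an added example: it is not wpDiscuz's code, and the table, column and function names are hypothetical. It contrasts pasting the four string filters into the query text with binding them as parameters, which in WordPress corresponds to $wpdb->prepare() with %s placeholders.

```python
import sqlite3

# Filter names follow the advisory; table, columns and rows are constructed.
FILTERS = ("email", "activation_key", "subscription_date", "imported_from")

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscriptions (email TEXT, activation_key TEXT, "
               "subscription_date TEXT, imported_from TEXT)")
    db.executemany("INSERT INTO subscriptions VALUES (?, ?, ?, ?)", [
        ("alice@example.com", "k-alice", "2026-01-10", "manual"),
        ("bob@example.com", "k-bob", "2026-02-02", "import"),
        ("carol@example.com", "k-carol", "2026-02-20", "import"),
    ])
    return db

def subscriptions_unescaped(db, **filters):
    """Vulnerable pattern: string values are pasted into the SQL text."""
    sql = "SELECT email FROM subscriptions"
    if filters:
        sql += " WHERE " + " AND ".join(
            f"{col} = '{val}'" for col, val in filters.items())
    return db.execute(sql).fetchall()

def subscriptions_bound(db, **filters):
    """Hardened pattern: allow-listed columns, values bound as parameters."""
    unknown = sorted(set(filters) - set(FILTERS))
    if unknown:
        raise ValueError(f"unsupported filter: {unknown}")
    sql = "SELECT email FROM subscriptions"
    if filters:
        sql += " WHERE " + " AND ".join(f"{col} = ?" for col in filters)
    return db.execute(sql, tuple(filters.values())).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed value containing a quote
    # Pasted in, the quote ends the literal and the rest runs as SQL.
    print(len(subscriptions_unescaped(db, email=crafted)))
    # Bound, the same value is compared as data and matches nothing.
    print(len(subscriptions_bound(db, email=crafted)))
```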

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2026-22193

Affected Products: Wpdiscuz