CVE-2026-22201

Name of the Vulnerable Software and Affected Versions wpDiscuz versions prior to 7.6.47

Description The software contains an IP spoofing issue within the getIP() function. This allows attackers to bypass IP-based rate limiting and ban enforcement mechanisms by leveraging untrusted HTTP headers. Specifically, attackers can manipulate the HTTP CLIENT IP or HTTP X FORWARDED FOR headers to spoof their IP address and circumvent security controls.

Recommendations Update wpDiscuz to version 7.6.47 or later.