PT-2026-25144 · Gvectors · Wpdiscuz

Scott Moore · Published 2026-03-13 · Updated 2026-03-13 · CVE-2026-22204

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

wpDiscuz versions prior to 7.6.47

Description

The software contains an email header injection issue that allows attackers to manipulate email recipients. The attacker injects malicious data into the comment author email cookie. When that data is processed by the urldecode() function and passed to the wp_mail() function, it enables header injection, potentially altering email recipients or adding extra headers.

Recommendations

Update wpDiscuz to version 7.6.47 or later.
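
The pattern described above, a cookie value that is URL-decoded and then used as a mail recipient, can be checked defensively as in the following added example. It is not wpDiscuz code and not the fix shipped in 7.6.47; the function name `recipient_from_cookie` and the sample values are constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from wpDiscuz.

/**
 * Return a validated e-mail address from a URL-encoded cookie value,
 * or null when the value must not be used as a mail recipient.
 */
function recipient_from_cookie(string $rawCookieValue): ?string
{
    // Decode first: the check must see the same bytes the mailer will see.
    $decoded = urldecode($rawCookieValue);

    // Reject CR, LF, NUL and every other control character outright.
    // Stripping them instead would silently join attacker-supplied text.
    if (preg_match('/[\x00-\x1F\x7F]/', $decoded)) {
        return null;
    }

    // Reject characters that separate or wrap multiple recipients.
    if (strpbrk($decoded, ',;<>') !== false) {
        return null;
    }

    // Accept only a single syntactically valid address.
    $email = filter_var($decoded, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Constructed sample cookie values (not taken from the advisory).
$samples = [
    'plain address'         => 'reader%40example.com',
    'encoded CRLF + header' => 'reader%40example.com%0D%0AX-Test%3A%201',
    'double-encoded CRLF'   => 'reader%40example.com%250D%250AX-Test%3A%201',
    'second recipient'      => 'reader%40example.com%2C%20other%40example.com',
];

foreach ($samples as $label => $value) {
    $result = recipient_from_cookie($value);
    printf("%-22s => %s\n", $label, $result ?? 'REJECTED');
}
```

Inside WordPress, `is_email()` can take the place of `filter_var()` for the final syntax check; the control-character rejection after decoding is the part that addresses header injection.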

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2026-22204

Affected Products

Wpdiscuz