PT-2026-25147 · Gvectors · Wpdiscuz

Scott Moore · Published 2026-03-13 · Updated 2026-03-13 · CVE-2026-22215

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

wpDiscuz versions prior to 7.6.47

Description

wpDiscuz is susceptible to a cross-site request forgery issue in the getFollowsPage() function. The absence of nonce validation allows attackers to perform unauthorized actions. Specifically, malicious requests can be created to enumerate follow relationships and manipulate user follow data due to the missing CSRF protection in the follows page handler.

Recommendations

Update wpDiscuz to version 7.6.47 or later.
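
For plugin reviewers, the class of defect described above looks like this in a WordPress AJAX handler, shown beside a nonce-checked form. This is an added example, not wpDiscuz code and not the vendor's patch: every example_* function, the action name, the 'nonce' field and the 'example_follows' meta key are hypothetical.

```php
<?php
// Added illustration. All example_* names are hypothetical, not wpDiscuz source.

// Hypothetical storage: followed post IDs kept in user meta, 10 per page.
function example_get_follows( $user_id, $page ) {
    $all = get_user_meta( $user_id, 'example_follows', true );
    $all = is_array( $all ) ? array_map( 'absint', $all ) : array();
    return array_slice( $all, $page * 10, 10 );
}

// BEFORE: the session cookie alone authorises the request, so a request that
// another site triggers in the victim's browser is processed like a real one.
function example_follows_page_unprotected() {
    $page = isset( $_POST['page'] ) ? absint( $_POST['page'] ) : 0;
    wp_send_json_success( example_get_follows( get_current_user_id(), $page ) );
}

// AFTER: the request must also carry a nonce tied to this action and user.
function example_follows_page_protected() {
    // Third argument false: return the result instead of calling wp_die().
    if ( ! check_ajax_referer( 'example_follows_page', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce' ), 403 );
    }
    $page = isset( $_POST['page'] ) ? absint( $_POST['page'] ) : 0;
    wp_send_json_success( example_get_follows( get_current_user_id(), $page ) );
}
// Only the protected handler is registered (wp_ajax_ fires for logged-in users).
add_action( 'wp_ajax_example_follows_page', 'example_follows_page_protected' );

// The page that sends the request receives a fresh nonce for the same action.
add_action( 'wp_enqueue_scripts', function () {
    wp_register_script( 'example-follows', false, array(), null, true );
    wp_enqueue_script( 'example-follows' );
    wp_localize_script( 'example-follows', 'exampleFollows', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_follows_page' ),
    ) );
} );
```

When auditing other handlers for the same weakness, look for callbacks registered on wp_ajax_ hooks that read request parameters without a check_ajax_referer() or wp_verify_nonce() call before acting on them.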

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2026-22215

Affected Products

Wpdiscuz