PT-2026-25148 · Gvectors · Wpdiscuz

Scott Moore · Published 2026-03-13 · Updated 2026-03-13 · CVE-2026-22216

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

wpDiscuz versions prior to 7.6.47

Description

wpDiscuz versions prior to 7.6.47 contain a missing rate limiting vulnerability. Unauthenticated attackers can subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in the class.WpdiscuzHelperAjax.php file. Attackers can use LIKE wildcard characters in the subscription query to match multiple email addresses, resulting in unwanted notification emails being sent to victim accounts.

Recommendations

Update wpDiscuz to version 7.6.47 or later.
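
The two weaknesses in the description, unescaped LIKE wildcards and no request throttling, can be shown side by side with their mitigations. This is an added example and not wpDiscuz code: SQLite stands in for the WordPress database, and the table, function names, sample addresses and limits are all hypothetical.

```python
import sqlite3
from collections import defaultdict, deque

def make_db():
    # Constructed sample data; the table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (email TEXT)")
    db.executemany("INSERT INTO subscribers VALUES (?)",
                   [("alice@example.com",), ("bob@example.com",), ("a_b@example.org",)])
    return db

def escape_like(value, esc="\\"):
    # Escape the escape character first, then the two LIKE wildcards.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def match_weak(db, email):
    # Weak form: the submitted value is used directly as a LIKE pattern.
    sql = "SELECT email FROM subscribers WHERE email LIKE ? ORDER BY email"
    return [row[0] for row in db.execute(sql, (email,))]

def match_hardened(db, email):
    # Hardened form: wildcards are escaped, so only a literal match succeeds.
    sql = "SELECT email FROM subscribers WHERE email LIKE ? ESCAPE '\\' ORDER BY email"
    return [row[0] for row in db.execute(sql, (escape_like(email),))]

class SlidingWindowLimiter:
    """Allow at most `limit` requests per client in any `window_seconds` span."""
    def __init__(self, limit, window_seconds):
        self.limit, self.window = limit, window_seconds
        self.hits = defaultdict(deque)

    def allow(self, client, now):
        q = self.hits[client]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop requests that have left the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def handle_subscription(db, limiter, client, email, now):
    # Returns the addresses that would be subscribed, or None when throttled.
    if not limiter.allow(client, now):
        return None
    return match_hardened(db, email)
```

Parameter binding alone does not neutralise `%` and `_`, which is why the weak form above is still a parameterised query; in WordPress code the equivalent of `escape_like` is `$wpdb->esc_like()`.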

Related Identifiers

CVE-2026-22216

Affected Products

Wpdiscuz