What is CVE-2026-22182?

CVE-2026-22182 is a high-severity vulnerability in Gvectors Wpdiscuz, classified under Missing Authorization. CVSS score: 7.5/10. Published 2026-03-13.

How severe is CVE-2026-22182?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in Gvectors Wpdiscuz

CVE-2026-22182

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. Attackers can repeatedly call the wpdisc…

Vulnerability class: Broken Access Control

EPSS: 0.000 (15.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Gvectors Wpdiscuz — versions 0, 7.6.47

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

wpDiscuz Changelog (patch)
wpDiscuz (product)
VulnCheck Advisory: wpDiscuz before 7.6.47 - Unauthenticated Email Notification Flood via wpdCheckNotificationType (third-party-advisory)

Frequently asked questions

What is CVE-2026-22182?: CVE-2026-22182 is a high-severity vulnerability in Gvectors Wpdiscuz, classified under Missing Authorization. CVSS score: 7.5/10. Published 2026-03-13.
How severe is CVE-2026-22182?: High severity. CVSS v3 base score is 7.5 out of 10.