What is CVE-2026-7385?

CVE-2026-7385 is a medium-severity vulnerability in Decent Comments, classified under CWE-200 INFORMATION EXPOSURE. CVSS score: 5.8/10. Published 2026-05-20.

How severe is CVE-2026-7385?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Vulnerability in Decent Comments

CVE-2026-7385

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email a…

EPSS: 0.000 (11.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N.

Affected products

Unknown Decent Comments — versions 0

References

contact@wpscan.com (technical-description, exploit, vdb-entry)

Frequently asked questions

What is CVE-2026-7385?: CVE-2026-7385 is a medium-severity vulnerability in Decent Comments, classified under CWE-200 INFORMATION EXPOSURE. CVSS score: 5.8/10. Published 2026-05-20.
How severe is CVE-2026-7385?: Medium severity. CVSS v3 base score is 5.8 out of 10.