Gvectors Wpdiscuz
16 CVEs affecting Gvectors Wpdiscuz. Latest disclosed: 2026-03-13. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-22202 | High | 8.1 | 2026-03-13 | wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by cra… |
CVE-2026-22193 | High | 8.1 | 2026-03-13 | wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL… |
CVE-2026-22182 | High | 7.5 | 2026-03-13 | wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploitin… |
CVE-2023-47185 | High | 7.1 | 2023-11-06 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions. |
CVE-2026-22216 | Medium | 6.5 | 2026-03-13 | wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post noti… |
CVE-2026-22183 | Medium | 6.1 | 2026-03-13 | wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inje… |
CVE-2023-51691 | Medium | 5.9 | 2024-02-01 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team Comments – wpDiscuz allows Stored XSS.This… |
CVE-2026-22209 | Medium | 5.5 | 2026-03-13 | wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking… |
CVE-2026-22201 | Medium | 5.3 | 2026-03-13 | wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-based rate limiting and ban enforcement… |
CVE-2023-46309 | Medium | 5.3 | 2025-01-02 | Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe… |
CVE-2026-22203 | Medium | 4.9 | 2026-03-13 | wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin op… |
CVE-2026-22210 | Medium | 4.4 | 2026-03-13 | wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML o… |
CVE-2026-22215 | Medium | 4.3 | 2026-03-13 | wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers to trigger unauthorized actio… |
CVE-2023-45760 | Medium | 4.3 | 2025-01-02 | Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe… |
CVE-2026-22204 | Low | 3.7 | 2026-03-13 | wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into th… |
CVE-2023-46311 | Low | 2.7 | 2023-12-20 | Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7… |