CVE-2026-22204

EPSS 0.05%
Veröffentlicht 13.03.2026 01:18:11
Zuletzt bearbeitet 17.03.2026 11:47:27
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie. Attackers can craft a malicious cookie value that, when processed through urldecode() and passed to wp_mail() functions, enables header injection to alter email recipients or inject additional headers.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gvectors ≫ Wpdiscuz SwPlatformwordpress Version < 7.6.47

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.147

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
disclosure@vulncheck.com	6.3	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
disclosure@vulncheck.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://wordpress.org/plugins/wpdiscuz/#developers

Product

Release Notes

https://wordpress.org/plugins/wpdiscuz/

Product

https://www.vulncheck.com/advisories/wpdiscuz-before-unsanitized-cookie-email-used-as-wp-mail-recipient

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-22204

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-22204

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-22204

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-22204