CVE-2026-22216

EPSS 0.05%
Veröffentlicht 13.03.2026 01:18:16
Zuletzt bearbeitet 17.03.2026 11:43:07
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard characters in the subscription query to match multiple email addresses and generate unwanted notification emails to victim accounts.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gvectors ≫ Wpdiscuz SwPlatformwordpress Version < 7.6.47

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.143

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
disclosure@vulncheck.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
disclosure@vulncheck.com	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-799 Improper Control of Interaction Frequency

The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

https://wordpress.org/plugins/wpdiscuz/#developers

Product

Release Notes

https://wordpress.org/plugins/wpdiscuz/

Product

https://www.vulncheck.com/advisories/wpdiscuz-before-no-rate-limiting-on-subscription-endpoints-with-like-wildcard-bypass

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-22216

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-22216

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-22216

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-22216