CVE-2026-22192
- EPSS 0.04%
- Published 13.03.2026 01:18:03
- Last modified 17.03.2026 20:28:18
wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by importing a crafted options file with unescaped customCss field values. Attackers can supply a malicious...
CVE-2026-22191
- EPSS 0.04%
- Published 13.03.2026 01:18:01
- Last modified 23.03.2026 17:06:18
wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcodes by including them in comment content sent via email notifications. Attackers can inject shortcodes like [contact-form-7] or [use...
CVE-2026-22183
- EPSS 0.04%
- Published 13.03.2026 01:18:00
- Last modified 17.03.2026 20:28:54
wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfilter...
CVE-2026-22182
- EPSS 0.04%
- Published 13.03.2026 01:17:59
- Last modified 17.03.2026 20:23:18
wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. Attackers can repeatedly call the wpdiscuz-ajax.php...
CVE-2023-46309
- EPSS 0.1%
- Published 02.01.2025 12:15:11
- Last modified 29.05.2025 20:19:10
Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpDiscuz: from n/a through 7.6.10.
CVE-2023-45760
- EPSS 0.37%
- Published 02.01.2025 12:15:09
- Last modified 29.05.2025 20:33:06
Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpDiscuz: from n/a through 7.6.3.
CVE-2024-9488
- EPSS 1.26%
- Published 25.10.2024 06:15:13
- Last modified 06.11.2024 14:57:04
The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible fo...
CVE-2024-6704
- EPSS 8.43%
- Published 02.08.2024 11:16:43
- Last modified 05.06.2025 16:38:43
The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML s...
CVE-2024-35681
- EPSS 0.16%
- Published 08.06.2024 15:15:50
- Last modified 21.11.2024 09:20:39
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in gVectors Team wpDiscuz allows Stored XSS. This issue affects wpDiscuz: from n/a through 7.6.18.
CVE-2023-46310
- EPSS 0.24%
- Published 04.06.2024 10:15:10
- Last modified 29.05.2025 20:21:22
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpDiscuz allows Code Injection. This issue affects wpDiscuz: from n/a through 7.6.10.