CVE-2026-22192 in wpDiscuz
Zusammenfassung
von MITRE • 13.03.2026
wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by importing a crafted options file with unescaped customCss field values. Attackers can supply a malicious JSON import file containing script payloads in the customCss parameter that execute on every page when rendered through the options handler without proper sanitization.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.