CVE-2026-22210 in wpDiscuzИнформация

Сводка

по MITRE • 13.03.2026

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary JavaScript into img and anchor tag attributes, executing code in the context of WordPress users viewing comments.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

VulnCheck

Резервировать

06.01.2026

Раскрытие

13.03.2026

Модерация

принято

Вход

VDB-350792

CPE

готов

CWE

CWE-79 (Подтверждённый)

CVSS

6.1 (NVD)

EPSS

0.00052

KEV

Нет

Деятельности

Очень низкий

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-22210
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-22210
CVE Details	https://www.cvedetails.com/cve/CVE-2026-22210/

◂ Предыдущий Обзор Далее ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!