CVE-2026-7385
Decent Comments < 3.0.2 - Unauthenticated Email Address Disclosure
The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected products
Unknown · Decent Commentspublic PoCs found — 1
cve_referencewpscan.com/vulnerability/1c5949d0-cf50-45d3-a7e2-2f94cdb42405/unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →