← volver
CVE-2026-22193

wpDiscuz before 7.6.47 - SQL Injection in getAllSubscriptions()

CVSS 9.2 CRITICALEPSS 0.3%CWE-89
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation_key, subscription_date, and imported_from parameters to manipulate database queries and extract sensitive information.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
gVectors · wpDiscuz

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wordpress.org/plugins/wpdiscuz/https://wordpress.org/plugins/wpdiscuz/#developershttps://www.vulncheck.com/advisories/wpdiscuz-before-sql-injection-in-getallsubscriptions