CVE-2026-22193
CVE-2026-22193
9.2
CriticalPublished:
Last updated:
Source:disclosure@vulncheck.com
Analyzed
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- Present
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation_key, subscription_date, and imported_from parameters to manipulate database queries and extract sensitive information.
References
disclosure@vulncheck.com
https://wordpress.org/plugins/wpdiscuz/disclosure@vulncheck.com
https://wordpress.org/plugins/wpdiscuz/#developersdisclosure@vulncheck.com
https://www.vulncheck.com/advisories/wpdiscuz-before-sql-injection-in-getallsubscriptions