216.73.217.64

CVE-2026-22199

· Published 13/03/2026 19:54 · Modified 13/03/2026 19:54

Labels: CVE-2026-22199 2026-03-13CVE-2026-22199CWE-290[email protected]

Essential information

Published
13/03/2026 19:54
Modified
13/03/2026 19:54
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by obtaining fresh nonces and bypassing rate limiting through client-controlled headers. Attackers can vary User-Agent headers to reset rate limits, request nonces from the unauthenticated wpdGetNonce endpoint, and vote multiple times using IP rotation or reverse proxy header manipulation.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wpdiscuz / wpdiscuz cpe:2.3:a:wpdiscuz:wpdiscuz:*:*:*:*:*:*:*:*
wpdiscuz / wpdiscuz cpe:2.3:a:wpdiscuz:wpdiscuz:<7.6.47:*:*:*:*:*:*

References