CRITICAL🇵🇱 Wersja polska

CVE-2026-22193

CVSS 9.2v4.0pub. 2026-03-13upd. 2026-03-17

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation_key, subscription_date, and imported_from parameters to manipulate database queries and extract sensitive information.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Gvectors Wpdiscuz

    APP
    Gvectors
    < 7.6.47
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-9488CRITICAL9.8PL ✓ten sam produkt

Authentication bypass w pluginie wpDiscuz dla WordPress (do wersji 7.6.24)

CVE-2020-24186CRITICAL10.0ten sam produkt

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, ...

CVE-2020-13640CRITICAL9.8ten sam produkt

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers ...

CVE-2026-22182HIGH8.7ten sam produkt

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users...

CVE-2026-22192HIGH8.8ten sam produkt

Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthent...