CVE-2026-22182

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and comment_id parameters to flood subscribers with notifications, as the handler lacks nonce verification, authentication checks, and rate limiting.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://wordpress.org/plugins/wpdiscuz/	Product
https://wordpress.org/plugins/wpdiscuz/#developers	Product Release Notes
https://www.vulncheck.com/advisories/wpdiscuz-before-unauthenticated-email-notification-flood-via-wpdchecknotificationtype	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*

History

17 Mar 2026, 20:23

Type	Values Removed	Values Added
First Time		Gvectors Gvectors wpdiscuz
CPE		cpe:2.3:a:gvectors:wpdiscuz::::::wordpress::*
References	~~() https://wordpress.org/plugins/wpdiscuz/ -~~	() https://wordpress.org/plugins/wpdiscuz/ - Product
References	~~() https://wordpress.org/plugins/wpdiscuz/#developers -~~	() https://wordpress.org/plugins/wpdiscuz/#developers - Product, Release Notes
References	~~() https://www.vulncheck.com/advisories/wpdiscuz-before-unauthenticated-email-notification-flood-via-wpdchecknotificationtype -~~	() https://www.vulncheck.com/advisories/wpdiscuz-before-unauthenticated-email-notification-flood-via-wpdchecknotificationtype - Third Party Advisory
CWE		CWE-770

13 Mar 2026, 19:54

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-13 19:54

Updated : 2026-03-17 20:23

NVD link : CVE-2026-22182

Mitre link : CVE-2026-22182

CVE.ORG link : CVE-2026-22182

JSON object : View

Products Affected

gvectors

wpdiscuz

CWE

CWE-862

Missing Authorization

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2026-22182", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-13T19:54:07.480", "references": [{"url": "https://wordpress.org/plugins/wpdiscuz/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://wordpress.org/plugins/wpdiscuz/#developers", "tags": ["Product", "Release Notes"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/wpdiscuz-before-unauthenticated-email-notification-flood-via-wpdchecknotificationtype", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}, {"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and comment_id parameters to flood subscribers with notifications, as the handler lacks nonce verification, authentication checks, and rate limiting."}], "lastModified": "2026-03-17T20:23:18.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A81F51B9-0C21-4F7E-876B-C09A66B9AE05", "versionEndExcluding": "7.6.47"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}