{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22183", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-06T16:47:17.182Z", "datePublished": "2026-03-13T01:18:00.616Z", "dateUpdated": "2026-03-13T14:17:15.681Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-13T01:18:00.616Z"}, "datePublic": "2026-03-11T00:00:00.000Z", "title": "wpDiscuz before 7.6.47 - Stored Cross-Site Scripting in Inline Comment Preview", "descriptions": [{"lang": "en", "value": "wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfiltered_html capabilities can inject JavaScript directly through comment content rendered in the AJAX response from the getLastInlineComments() function in class.WpdiscuzHelperAjax.php without proper HTML escaping."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "affected": [{"vendor": "gVectors", "product": "wpDiscuz", "versions": [{"version": "0", "status": "affected", "lessThan": "7.6.47", "versionType": "custom"}, {"version": "7.6.47", "status": "unaffected"}], "defaultStatus": "unaffected", "packageURL": "pkg:wordpress-plugin/wpdiscuz"}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "7.6.47"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://wordpress.org/plugins/wpdiscuz/#developers", "name": "wpDiscuz Changelog", "tags": ["patch"]}, {"url": "https://wordpress.org/plugins/wpdiscuz/", "name": "wpDiscuz", "tags": ["product"]}, {"name": "VulnCheck Advisory: wpDiscuz before 7.6.47 - Stored Cross-Site Scripting in Inline Comment Preview", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/wpdiscuz-before-stored-cross-site-scripting-in-inline-comment-preview"}], "x_generator": {"engine": "scooter"}, "credits": [{"lang": "en", "value": "Scott Moore - VulnCheck", "type": "finder"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T14:16:57.327590Z", "id": "CVE-2026-22183", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T14:17:15.681Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22183", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T14:16:57.327590Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T14:17:09.173Z"}}], "cna": {"title": "wpDiscuz before 7.6.47 - Stored Cross-Site Scripting in Inline Comment Preview", "credits": [{"lang": "en", "type": "finder", "value": "Scott Moore - VulnCheck"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "gVectors", "product": "wpDiscuz", "versions": [{"status": "affected", "version": "0", "lessThan": "7.6.47", "versionType": "custom"}, {"status": "unaffected", "version": "7.6.47"}], "packageURL": "pkg:wordpress-plugin/wpdiscuz", "defaultStatus": "unaffected"}], "datePublic": "2026-03-11T00:00:00.000Z", "references": [{"url": "https://wordpress.org/plugins/wpdiscuz/#developers", "name": "wpDiscuz Changelog", "tags": ["patch"]}, {"url": "https://wordpress.org/plugins/wpdiscuz/", "name": "wpDiscuz", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/wpdiscuz-before-stored-cross-site-scripting-in-inline-comment-preview", "name": "VulnCheck Advisory: wpDiscuz before 7.6.47 - Stored Cross-Site Scripting in Inline Comment Preview", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "scooter"}, "descriptions": [{"lang": "en", "value": "wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfiltered_html capabilities can inject JavaScript directly through comment content rendered in the AJAX response from the getLastInlineComments() function in class.WpdiscuzHelperAjax.php without proper HTML escaping."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "versionEndExcluding": "7.6.47"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-13T01:18:00.616Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22183", "state": "PUBLISHED", "dateUpdated": "2026-03-13T14:17:15.681Z", "dateReserved": "2026-01-06T16:47:17.182Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-13T01:18:00.616Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A81F51B9-0C21-4F7E-876B-C09A66B9AE05", "versionEndExcluding": "7.6.47", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfiltered_html capabilities can inject JavaScript directly through comment content rendered in the AJAX response from the getLastInlineComments() function in class.WpdiscuzHelperAjax.php without proper HTML escaping."}], "id": "CVE-2026-22183", "lastModified": "2026-03-17T20:28:54.657", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-13T19:54:07.713", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://wordpress.org/plugins/wpdiscuz/"}, {"source": "disclosure@vulncheck.com", "tags": ["Product", "Release Notes"], "url": "https://wordpress.org/plugins/wpdiscuz/#developers"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/wpdiscuz-before-stored-cross-site-scripting-in-inline-comment-preview"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,7.6.47)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "7.6.47"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "wpDiscuz", "source": "cna", "vendor": "gVectors"}, "product": "wpdiscuz", "vendor": "gvectors"}, {"configurations": [{"platform": ["wordpress"], "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-17T21:25:37.901025+00:00", "value": {"mitigation_remediation": ["Apply the wpDiscuz update to version 7.6.47 or later to remediate the stored XSS flaw.", "If an update is not immediately possible, restrict or remove the unfiltered_html capability from non\u2011trusted user roles to prevent script injection."], "summary": {"action": "Patch", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "The flaw exists in wpDiscuz versions prior to 7.6.47, as provided by the gVectors Vendors product. Any WordPress installation running those affected plugin versions is potentially impacted.", "description_and_impact": "The vulnerability in wpDiscuz allows an authenticated user who has the unfiltered_html capability to store malicious JavaScript within comment content. The stored script is returned unescaped in an AJAX response from the getLastInlineComments() function, forming part of the inline comment preview. When a victim views the preview, the injected code executes in the victim\u2019s browser, enabling defacement, session hijacking, or other client\u2011side attacks. This is a classic stored XSS flavor (CWE\u201179) affecting confidentiality and integrity of the user session, but not providing a direct remote execution vector on the server side.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate impact. The EPSS score of less than 1% suggests low anticipated exploitation frequency, and the vulnerability is not currently listed in the CISA KEV catalog. Exploitation requires the attacker to be a logged\u2011in user with the unfiltered_html capability; thus the attack vector is authenticated and requires administrative or author\u2011level permissions. Because the payload is delivered via an AJAX response, the vulnerability is exploitable without additional steps beyond comment submission."}}}}, "created": "2026-03-13T09:49:24.607919+00:00", "updated": "2026-03-23T10:00:00.206639+00:00", "vendors": ["gvectors", "gvectors$PRODUCT$wpdiscuz", "wordpress", "wordpress$PRODUCT$wordpress"]}