{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22201", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-06T16:47:17.184Z", "datePublished": "2026-03-13T01:18:07.476Z", "dateUpdated": "2026-03-13T16:09:19.907Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-13T01:18:07.476Z"}, "datePublic": "2026-03-11T00:00:00.000Z", "title": "wpDiscuz before 7.6.47 - IP Address Spoofing in getIP()", "descriptions": [{"lang": "en", "value": "wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR headers to spoof their IP address and circumvent security controls."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Use of Less Trusted Source", "cweId": "CWE-348", "type": "CWE"}]}], "affected": [{"vendor": "gVectors", "product": "wpDiscuz", "versions": [{"version": "0", "status": "affected", "lessThan": "7.6.47", "versionType": "custom"}, {"version": "7.6.47", "status": "unaffected"}], "defaultStatus": "unaffected", "packageURL": "pkg:wordpress-plugin/wpdiscuz"}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "7.6.47"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://wordpress.org/plugins/wpdiscuz/#developers", "name": "wpDiscuz Changelog", "tags": ["patch"]}, {"url": "https://wordpress.org/plugins/wpdiscuz/", "name": "wpDiscuz", "tags": ["product"]}, {"name": "VulnCheck Advisory: wpDiscuz before 7.6.47 - IP Address Spoofing in getIP()", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/wpdiscuz-before-ip-address-spoofing-in-getip"}], "x_generator": {"engine": "scooter"}, "credits": [{"lang": "en", "value": "Scott Moore - VulnCheck", "type": "finder"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T16:09:13.732671Z", "id": "CVE-2026-22201", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T16:09:19.907Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22201", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T16:09:13.732671Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T16:09:16.414Z"}}], "cna": {"title": "wpDiscuz before 7.6.47 - IP Address Spoofing in getIP()", "credits": [{"lang": "en", "type": "finder", "value": "Scott Moore - VulnCheck"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "gVectors", "product": "wpDiscuz", "versions": [{"status": "affected", "version": "0", "lessThan": "7.6.47", "versionType": "custom"}, {"status": "unaffected", "version": "7.6.47"}], "packageURL": "pkg:wordpress-plugin/wpdiscuz", "defaultStatus": "unaffected"}], "datePublic": "2026-03-11T00:00:00.000Z", "references": [{"url": "https://wordpress.org/plugins/wpdiscuz/#developers", "name": "wpDiscuz Changelog", "tags": ["patch"]}, {"url": "https://wordpress.org/plugins/wpdiscuz/", "name": "wpDiscuz", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/wpdiscuz-before-ip-address-spoofing-in-getip", "name": "VulnCheck Advisory: wpDiscuz before 7.6.47 - IP Address Spoofing in getIP()", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "scooter"}, "descriptions": [{"lang": "en", "value": "wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR headers to spoof their IP address and circumvent security controls."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-348", "description": "Use of Less Trusted Source"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "versionEndExcluding": "7.6.47"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-13T01:18:07.476Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22201", "state": "PUBLISHED", "dateUpdated": "2026-03-13T16:09:19.907Z", "dateReserved": "2026-01-06T16:47:17.184Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-13T01:18:07.476Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A81F51B9-0C21-4F7E-876B-C09A66B9AE05", "versionEndExcluding": "7.6.47", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Attackers can set HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR headers to spoof their IP address and circumvent security controls."}], "id": "CVE-2026-22201", "lastModified": "2026-03-17T20:25:44.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-13T19:54:10.147", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://wordpress.org/plugins/wpdiscuz/"}, {"source": "disclosure@vulncheck.com", "tags": ["Product", "Release Notes"], "url": "https://wordpress.org/plugins/wpdiscuz/#developers"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/wpdiscuz-before-ip-address-spoofing-in-getip"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-348"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,7.6.47)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "7.6.47"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "wpDiscuz", "source": "cna", "vendor": "gVectors"}, "product": "wpdiscuz", "vendor": "gvectors"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-17T21:24:24.131481+00:00", "value": {"mitigation_remediation": ["Upgrade wpDiscuz to version 7.6.47 or later", "If upgrade cannot be performed immediately, configure the web server or WordPress to ignore or strip untrusted HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR headers, or set trusted proxies accordingly", "Monitor logs for suspicious traffic and abnormal request patterns"], "summary": {"action": "Apply Patch", "impact": "Bypass IP-based Rate Limiting and Ban Enforcement"}, "threat_synthesis": {"affected_systems": "This issue affects the wpDiscuz plugin for WordPress made by gVectors. All versions of wpDiscuz prior to 7.6.47 are vulnerable. Installing version 7.6.47 or later removes the vulnerability.", "description_and_impact": "The wpDiscuz plugin contains an IP spoofing vulnerability in its getIP() function. The function trusts the HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR headers for determining the visitor's IP address without proper validation. An attacker can set these headers to a value that does not match the true client IP, thereby forging the originating address. The vulnerability allows the attacker to bypass IP-based rate limiting and ban enforcement that relies on the reported IP, potentially leading to spamming, brute\u2011force attacks, or denial of service through repeated actions by a spoofed IP.", "risk_and_exploitability": "The CVSS base score is 6.9, indicating medium severity. The EPSS score is below 1%, suggesting a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack vector is remote, requiring only the ability to send HTTP requests with custom headers to the target WordPress site. Because the exploitation only needs header manipulation, an attacker can perform it from anywhere without additional credentials."}}}}, "created": "2026-03-13T09:49:17.576072+00:00", "updated": "2026-03-23T09:59:55.687623+00:00", "vendors": ["gvectors", "gvectors$PRODUCT$wpdiscuz", "wordpress", "wordpress$PRODUCT$wordpress"]}