Comments – wpDiscuz

Vulnerabilities 47Slug wpdiscuzLatest version 7.6.54WordPress.org →

Minimum safe version

7.6.47

Update to 7.6.47 or later to address 46 fixable vulnerabilities

Latest available7.6.54 Affected up to7.0.4
Medium 5.3
2026-03-13< 7.6.47

CVE-2026-22201

CVE
High 7.5
2026-03-13< 7.6.47

CVE-2026-22199

CVE
High 7.5
2026-03-13< 7.6.47

CVE-2026-22193

CVE
Critical 9.9
2026-03-13< 7.6.47

CVE-2026-22192

CVE
Medium 5.4
2026-03-13< 7.6.47

CVE-2026-22183

CVE
Medium 5.2
2026-03-13< 7.6.47

CVE-2026-22191

CVE
High 7.5
2026-03-13< 7.6.47

CVE-2026-22182

CVE
Medium 6.5
2026-03-13< 7.6.47

CVE-2026-22202

CVE
Medium 4.9
2026-03-13< 7.6.47

CVE-2026-22203

CVE
Medium 5.3
2026-03-13< 7.6.47

CVE-2026-22204

CVE
Medium 5.3
2026-03-13< 7.6.47

CVE-2026-22216

CVE
Medium 5.5
2026-03-13< 7.6.47

CVE-2026-22209

CVE
Medium 6.1
2026-03-13< 7.6.47

CVE-2026-22210

CVE
Medium 5.4
2026-03-13< 7.6.47

CVE-2026-22215

CVE
Medium 4.3
2025-09-22< 7.6.34

WordPress wpDiscuz Plugin <= 7.6.33 is vulnerable to Broken Access Control

PatchstackWordfenceEUVDCVE
N/A
< 7.6.6

wpDiscuz &lt; 7.6.6 - Unauthenticated SQL Injection

WPScan
N/A
< 7.6.6

wpDiscuz &lt; 7.6.6 - Unauthenticated SQL Injection

WPScan
Medium 5.9
2024-12-27< 7.6.13

WordPress wpDiscuz Plugin <= 7.6.12 is vulnerable to Cross Site Scripting (XSS)

PatchstackCVEWPScan
N/A
2023-11-17< 7.6.13

wpDiscuz <= 7.6.12 - Authenticated (Administrator+) Stored Cross-Site Scripting

Wordfence
N/A
2023-10-31< 7.6.12

wpDiscuz <= 7.6.11 - Unauthenticated Stored Cross-Site Scripting via Comment Uploaded Image Filename

Wordfence
N/A
2023-10-20< 7.6.11

wpDiscuz <= 7.6.10 - Insufficient Authorization to Comment Submission on Deleted Posts

Wordfence
N/A
2023-09-19< 7.6.6

WordPress wpDiscuz Plugin < 7.6.6 is vulnerable to SQL Injection

Patchstack
N/A
2023-09-18< 7.6.6

wpDiscuz <= 7.6.5 - Unauthenticated SQL Injection

Wordfence
N/A
< 3.2.0

wpDiscuz &lt;= 3.1.4 - Reflected Cross-Site Scripting (XSS)

WPScan
N/A
2016-05-30< 3.2.0

Comments - wpDiscuz <= 3.1.4 - Reflected Cross-Site Scripting

Wordfence
N/A
2016-05-30< 3.1.5

WordPress wpDiscuz Plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS)

Patchstack
N/A
2017-06-20< 4.0.0

WordPress wpDiscuz plugin <= 3.2.8 - Cross-Site Request Forgery (CSRF) Vulnerability

Patchstack
Critical 10.0
2021-06-06≥ 7.0 and ≤ 7.0.4

Comments - wpDiscuz 7.0 - 7.0.4 - Unauthenticated Arbitrary File Upload leading to Remote Code Execution

WordfenceCVEPatchstackWPScan