Every CVE whose affected-product data names Gvectors Wpdiscuz, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (33)
CVE-2020-24186 — CVSS 10.0 (critical): A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated…
CVE-2026-22192 — CVSS 9.9 (critical): Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access…
CVE-2020-13640 — CVSS 9.8 (critical): A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL…
CVE-2024-9488 — CVSS 9.8 (critical): The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is…
CVE-2026-22202 — CVSS 8.1 (high): wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an…
CVE-2026-22193 — CVSS 8.1 (high): wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper…
CVE-2026-22199 — CVSS 7.5 (high): Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows…
CVE-2026-22182 — CVSS 7.5 (high): wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification…
CVE-2026-22216 — CVSS 6.5 (medium): wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email…
CVE-2024-35681 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in gVectors Team wpDiscuz allows…
CVE-2024-2477 — CVSS 6.4 (medium): The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all…
CVE-2026-22183 — CVSS 6.1 (medium): wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows…
CVE-2023-51691 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team Comments – wpDiscuz…
CVE-2026-22209 — CVSS 5.5 (medium): wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious…
CVE-2023-46310 — CVSS 5.3 (medium): Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpDiscuz allows Code…
CVE-2023-46309 — CVSS 5.3 (medium): Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security…
CVE-2024-6704 — CVSS 5.3 (medium): The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to…
CVE-2023-3998 — CVSS 5.3 (medium): The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate…
CVE-2023-3869 — CVSS 5.3 (medium): The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the…
CVE-2026-22201 — CVSS 5.3 (medium): wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-based rate limiting…
CVE-2026-22191 — CVSS 5.2 (medium): Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by…
CVE-2026-22203 — CVSS 4.9 (medium): wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by…
CVE-2021-24737 — CVSS 4.8 (medium): The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before…
CVE-2026-22210 — CVSS 4.4 (medium): wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped…
CVE-2026-22215 — CVSS 4.3 (medium): wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers to…
CVE-2022-43492 — CVSS 4.3 (medium): Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.
CVE-2021-24806 — CVSS 4.3 (medium): The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to…
CVE-2023-47775 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions.
CVE-2023-45760 — CVSS 4.3 (medium): Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security…
CVE-2022-23984 — CVSS 3.7 (low): Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).
CVE-2026-22204 — CVSS 3.7 (low): wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting…
CVE-2023-46311 — CVSS 2.7 (low): Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments –…