VYPR
Unrated severityNVD Advisory· Published Mar 13, 2026· Updated Mar 13, 2026

wpDiscuz before 7.6.47 - Unsanitized Cookie Email Used as wp_mail() Recipient

CVE-2026-22204

Description

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie. Attackers can craft a malicious cookie value that, when processed through urldecode() and passed to wp_mail() functions, enables header injection to alter email recipients or inject additional headers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.