Unrated severityNVD Advisory· Published Mar 13, 2026· Updated Mar 13, 2026

wpDiscuz before 7.6.47 - Missing CSRF Protection on wpdGetFollowsPage

CVE-2026-22215

Description

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by exploiting the missing CSRF protection in the follows page handler.

Affected products

Gvectors/Wpdiscuzv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wordpress.org/plugins/wpdiscuz/mitrepatch
www.vulncheck.com/advisories/wpdiscuz-before-missing-csrf-protection-on-wpdgetfollowspagemitrethird-party-advisory
wordpress.org/plugins/wpdiscuz/mitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000