VYPR
Unrated severityNVD Advisory· Published Mar 13, 2026· Updated Mar 13, 2026

wpDiscuz before 7.6.47 - Missing CSRF Protection on wpdGetFollowsPage

CVE-2026-22215

Description

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by exploiting the missing CSRF protection in the follows page handler.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.