Unrated severityNVD Advisory· Published Mar 13, 2026· Updated Mar 13, 2026
wpDiscuz before 7.6.47 - Missing CSRF Protection on wpdGetFollowsPage
CVE-2026-22215
Description
wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by exploiting the missing CSRF protection in the follows page handler.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- wordpress.org/plugins/wpdiscuz/mitrepatch
- www.vulncheck.com/advisories/wpdiscuz-before-missing-csrf-protection-on-wpdgetfollowspagemitrethird-party-advisory
- wordpress.org/plugins/wpdiscuz/mitreproduct
News mentions
0No linked articles in our index yet.