Medium severity5.8NVD Advisory· Published May 20, 2026· Updated May 20, 2026
CVE-2026-7385
CVE-2026-7385
Description
The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<3.0.2+ 1 more
- (no CPE)range: <3.0.2
- (no CPE)range: <3.0.2
Patches
Vulnerability mechanics
References
1News mentions
1- Wordfence Intelligence Weekly WordPress Vulnerability Report (June 8, 2026 to June 14, 2026)Wordfence Blog · Jun 18, 2026