VYPR
Medium severity5.8NVD Advisory· Published May 20, 2026· Updated May 20, 2026

CVE-2026-7385

CVE-2026-7385

Description

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

1
CVE-2026-7385 · Medium · VYPR