CVE-2022-43492

MEDIUM

Comments - wpDiscuz 7.4.2 - Authenticated Insecure Direct Object Reference

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-43492. PoCs published by dhakalananda.

AI-analyzed exploit summary The repository contains only a README file with a generic title and no technical details or exploit code. It appears to be a placeholder for a list of CVEs without any substantive content.

Description

Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.

Exploits (1)

github STUB 2 stars

by dhakalananda · poc

https://github.com/dhakalananda/cves/tree/main/CVE-2022-43492

View Code ZIP pw:eip

The repository contains only a README file with a generic title and no technical details or exploit code. It appears to be a placeholder for a list of CVEs without any substantive content.

Classification

Stub 100%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unspecified

No auth needed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2

Core References

Product, Third Party Advisory

https://wordpress.org/plugins/wpdiscuz/#developers

Third Party Advisory

https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-comments-wpdiscuz-plugin-7-4-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve

Scores

CVSS v3 4.3

EPSS 0.0059

EPSS Percentile 43.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (2)

gvectors/wpdiscuz 7.4.2

gVectors Team/Comments – wpDiscuz (WordPress plugin) 7.4.2

Published Nov 18, 2022

Tracked Since Feb 18, 2026