CVE-2026-22192
CRITICALwpDiscuz <7.6.47 - Stored XSS
Title source: llmDescription
Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access controls and gain unauthorized access to protected management functionality without valid credentials.
Scores
CVSS v3
9.9
EPSS
0.0007
EPSS Percentile
20.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
Details
CWE
CWE-306
Status
published
Products (4)
gVectors/wpDiscuz
< 7.6.47
gvectors/wpdiscuz
< 7.6.47
gVectors/wpDiscuz
7.6.47
Voltronic Power/SNMP Web Pro
1.1
Published
Mar 13, 2026
Tracked Since
Mar 14, 2026