CVE-2026-22203

MEDIUM

wpDiscuz <7.6.47 - Info Disclosure

Title source: llm

Description

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret, and other social login credentials from support tickets, backups, or version control repositories.

References (3)

[Product] https://wordpress.org/plugins/wpdiscuz/#developers

[Product] https://wordpress.org/plugins/wpdiscuz/

[Third Party Advisory] https://www.vulncheck.com/advisories/wpdiscuz-before-options-export-leaks-oauth-secrets-in-plaintext

Scores

CVSS v3 4.9

EPSS 0.0005

EPSS Percentile 14.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (3)

gVectors/wpDiscuz < 7.6.47

gvectors/wpdiscuz < 7.6.47

gVectors/wpDiscuz 7.6.47

Published Mar 13, 2026

Tracked Since Mar 14, 2026