Vulnerability Details CVE-2026-22199
wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by obtaining fresh nonces and bypassing rate limiting through client-controlled headers. Attackers can vary User-Agent headers to reset rate limits, request nonces from the unauthenticated wpdGetNonce endpoint, and vote multiple times using IP rotation or reverse proxy header manipulation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.0%
CVSS Severity
CVSS v3 Score 5.3