CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-22203

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret, and other social login credentials from support tickets, backups, or version control repositories.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.1%

CVSS Severity

CVSS v3 Score 4.9

References

https://wordpress.org/plugins/wpdiscuz/
https://wordpress.org/plugins/wpdiscuz/#developers
https://www.vulncheck.com/advisories/wpdiscuz-before-options-export-leaks-oauth-secrets-in-plaintext

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22203

Products

Pricing

Contact Us