CVE-2026-22193 - Vulnerability Analysis
High | CVSS: 8.1 | Last Updated: March 13, 2026
wpDiscuz - SQL Injection
Overview
wpDiscuz before 7.6.47 contains a SQL injection vulnerability caused by a lack of proper quote escaping in the parameters of the getAllSubscriptions() function. Attackers can manipulate database queries and extract sensitive information. Exploitation requires crafted input.
Severity & Score
Impact
Attackers can extract sensitive information by manipulating database queries via SQL injection.
Mitigation
Update to version 7.6.47 or later.
References
Social Media Activity (1 post)
🚨 CRITICAL: CVE-2026-22193 in wpDiscuz <7.6.47 enables unauthenticated remote SQL injection. Attackers can access sensitive DB data. Patch ASAP or apply mitigations (WAF, access controls, log monitoring)! https://radar.offseq.com/threat/cve-2026-22193-improper-neutralization-of-special--3f166beb #OffSeq #WordPress #SQLInjection
Details
- CVE ID: CVE-2026-22193
- Severity: High
- CVSS Score: 8.1
- Type: sql_injection
- Status: new
- EPSS: 2.9%
- Social Posts: 1
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H