Home / Vulnerability Intelligence / CVE-2026-22193

CVE-2026-22193 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 16, 2026

wpDiscuz - SQL Injection

Published: March 13, 2026Updated: March 16, 2026Remote Exploitable

Overview

wpDiscuz before 7.6.47 contains an sql injection caused by lack of proper quote escaping in getAllSubscriptions() function parameters, letting attackers manipulate database queries and extract sensitive information, exploit requires crafted input.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 2.6%(Probability of exploitation in next 30 days)

Impact

Attackers can extract sensitive information by manipulating database queries via SQL injection.

Mitigation

Update to version 7.6.47 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 14, 2026

🟠 CVE-2026-22193 - High (8.1) wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation_key, subscrip... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22193/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-22193
Severity: High
CVSS Score: 8.1
Type: sql_injection
Status: unconfirmed
EPSS: 2.6%
Social Posts: 1

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

2.6%Probability of exploitation in the next 30 days