LeakyCreds

CVE-2026-22202 - Vulnerability Analysis

Severity: High | CVSS: 8.1

Last Updated: March 16, 2026

wpDiscuz - Cross-Site Request Forgery

Published: March 13, 2026
Updated: March 16, 2026
Remote Exploitable

Overview

wpDiscuz before 7.6.47 contains a cross-site request forgery (CSRF) vulnerability: the deletecomments action lacks POST-based CSRF protection, so attackers can delete all comments associated with an email address via crafted GET requests.

Severity & Score

Severity: High
CVSS Score: 8.1
EPSS Score: 1.9% (Probability of exploitation in next 30 days)

Impact

Attackers can permanently delete all comments linked to an email address without user confirmation.

Mitigation

Update to version 7.6.47 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 14, 2026

🟠 CVE-2026-22202 - High (8.1) wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the deletecomme... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22202/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-22202
Severity: High
CVSS Score: 8.1
Type: cross_site_request_forgery
Status: unconfirmed
EPSS: 1.9%
Social Posts: 1

CWE

  • CWE-352

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

EPSS Score

1.9% (Probability of exploitation in the next 30 days)