Description
wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by obtaining fresh nonces and bypassing rate limiting through client-controlled headers. Attackers can vary User-Agent headers to reset rate limits, request nonces from the unauthenticated wpdGetNonce endpoint, and vote multiple times using IP rotation or reverse proxy header manipulation.
Published: 2026-03-13
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Vote manipulation / integrity compromise
Action: Patch
AI Analysis

Impact

A vulnerability in wpDiscuz before version 7.6.47 allows an attacker to forge request parameters and obtain a fresh nonce via the unauthenticated wpdGetNonce endpoint. With this nonce, the attacker can repeatedly submit vote actions on comments. By manipulating client-controlled headers, such as the User-Agent and IP-related headers, the attacker can also bypass the plugin’s rate-limiting mechanism. The result is that comment vote counts can be inflated or deflated at will, undermining the integrity of the comment ranking system. The weakness is classified as CWE-290, Authentication Bypass by Spoofing.

Affected Systems

The affected product is the WordPress comment plugin wpDiscuz by gVectors. All installations running any version earlier than 7.6.47 are vulnerable. No specific version sub-ranges are listed beyond the major release cutoff.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity, while the EPSS score of less than 1% suggests a low likelihood of mass exploitation. The vulnerability is not included in the CISA KEV catalog. Exploitation requires only unauthenticated HTTP requests to the plugin’s endpoints and the ability to alter request headers, which is trivial for most attackers. An attacker can automate the process to manipulate many comment votes in a short time.

Generated by OpenCVE AI on March 17, 2026 at 21:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade wpDiscuz to version 7.6.47 or later.
  • If an upgrade is not immediately possible, disable or restrict access to the wpdGetNonce endpoint and enforce stricter IP validation or header checks to mitigate rate-limiting bypass.
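How the recommended header checks translate to the rate-limiting side, as an added Python illustration that is not wpDiscuz's own code (the page does not show the plugin's internals): the weak key trusts User-Agent and X-Forwarded-For as the advisory describes, so a single host gets a fresh quota by changing either header; the hardened key starts from the socket peer and honours X-Forwarded-For only hop by hop through a configured trusted proxy. The proxy address, the limit and the traffic are constructed for the example.

```python
import ipaddress
from collections import defaultdict

TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.1")}  # assumed reverse-proxy address
LIMIT = 3  # votes allowed per key per window (constructed value)

def weak_key(req):
    """Keys the quota on headers the client chooses (the pattern the advisory describes)."""
    h = req["headers"]
    return (h.get("X-Forwarded-For", req["peer"]), h.get("User-Agent", ""))

def hardened_key(req):
    """Keys the quota on the socket peer; X-Forwarded-For is honoured only hop by hop
    through addresses in TRUSTED_PROXIES, and User-Agent is never part of the key."""
    hops = [h.strip() for h in req["headers"].get("X-Forwarded-For", "").split(",") if h.strip()]
    client = ipaddress.ip_address(req["peer"])
    while client in TRUSTED_PROXIES and hops:
        try:
            client = ipaddress.ip_address(hops.pop())  # rightmost hop was appended by the nearest proxy
        except ValueError:
            break  # malformed hop: fall back to the proxy address rather than a client-chosen string
    return str(client)

class RateLimiter:
    def __init__(self, key_fn):
        self.key_fn, self.counts = key_fn, defaultdict(int)

    def allow(self, req):
        k = self.key_fn(req)
        self.counts[k] += 1
        return self.counts[k] <= LIMIT

def votes_accepted(key_fn, requests):
    """Returns how many of the requests a fresh limiter keyed by key_fn lets through."""
    limiter = RateLimiter(key_fn)
    return sum(limiter.allow(r) for r in requests)

# Constructed traffic: one host (203.0.113.7) sends six votes, directly to the server.
UA_ROTATION = [{"peer": "203.0.113.7", "headers": {"User-Agent": f"ua-{i // 3}"}} for i in range(6)]
XFF_SPOOF = [{"peer": "203.0.113.7", "headers": {"User-Agent": "ua", "X-Forwarded-For": f"198.51.100.{i}"}}
             for i in range(6)]
# Same host behind the trusted proxy, which appends the real client address last.
PROXIED = [{"peer": "10.0.0.1", "headers": {"User-Agent": f"ua-{i}", "X-Forwarded-For": f"198.51.100.{i}, 203.0.113.7"}}
           for i in range(6)]
```

With the weak key both traffic sets get all six votes through; with the hardened key every set is capped at three because the key resolves to 203.0.113.7 regardless of the headers sent.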

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 16:15:00 +0000

  Type                 Values Removed   Values Added
  Metrics                               ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 10:00:00 +0000

  Type                 Values Removed   Values Added
  First Time appeared                   Wordpress; Wordpress wordpress
  Vendors & Products                    Wordpress; Wordpress wordpress

Fri, 13 Mar 2026 02:00:00 +0000

  Type                 Values Removed   Values Added
  Description                           wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by obtaining fresh nonces and bypassing rate limiting through client-controlled headers. Attackers can vary User-Agent headers to reset rate limits, request nonces from the unauthenticated wpdGetNonce endpoint, and vote multiple times using IP rotation or reverse proxy header manipulation.
  Title                                 wpDiscuz before 7.6.47 - Vote Manipulation via Nonce Oracle and IP Rotation
  First Time appeared                   Gvectors; Gvectors wpdiscuz
  Weaknesses                            CWE-290
  CPEs                                  cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*
  Vendors & Products                    Gvectors; Gvectors wpdiscuz
  References
  Metrics                               cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}
                                        cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-13T16:09:40.962Z

Reserved: 2026-01-06T16:47:17.184Z

Link: CVE-2026-22199

Vulnrichment

Updated: 2026-03-13T16:09:38.366Z

NVD

Status: Analyzed

Published: 2026-03-13T19:54:09.933

Modified: 2026-03-17T20:26:29.797

Link: CVE-2026-22199

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T09:59:56Z

Weaknesses