CVE-2026-22182
Unauthenticated DoS in wpDiscuz Notifications via wpdiscuz-ajax.php
Publication date: 2026-03-13
Last updated on: 2026-03-17
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gvectors | wpdiscuz | to 7.6.47 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22182 is an unauthenticated denial of service vulnerability in the wpDiscuz WordPress plugin versions before 7.6.47. It allows anonymous attackers to exploit the checkNotificationType() function by repeatedly calling the wpdiscuz-ajax.php endpoint with arbitrary postId and comment_id parameters. Because this function lacks nonce verification, authentication checks, and rate limiting, attackers can trigger a flood of mass notification emails to subscribers without any authorization.
How can this vulnerability impact me? :
This vulnerability can be exploited to cause a denial of service by flooding subscribers with excessive email notifications. The mass email flood can overwhelm email systems, degrade service availability, and potentially lead to subscribers marking emails as spam, damaging the reputation of the affected site. Since the exploit requires no authentication, it can be triggered by anyone, increasing the risk and impact.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring repeated or unusual requests to the wpdiscuz-ajax.php endpoint with arbitrary postId and comment_id parameters. Network or web server logs may show a high volume of such requests originating from anonymous sources.'}, {'type': 'paragraph', 'content': 'You can use commands to analyze web server logs for suspicious activity targeting wpdiscuz-ajax.php. For example, using grep on Apache or Nginx logs to find repeated calls:'}, {'type': 'list_item', 'content': "grep 'wpdiscuz-ajax.php' /var/log/apache2/access.log | awk '{print $1}' | sort | uniq -c | sort -nr"}, {'type': 'list_item', 'content': 'This command lists IP addresses making requests to wpdiscuz-ajax.php sorted by frequency, helping identify potential attackers.'}, {'type': 'paragraph', 'content': 'Additionally, monitoring outgoing email logs for a sudden spike in notification emails sent by the WordPress server can indicate exploitation of this vulnerability.'}] [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the wpDiscuz plugin to version 7.6.47 or later, where this vulnerability has been fixed.
Until the update can be applied, you can implement temporary mitigations such as:
- Blocking or rate limiting requests to the wpdiscuz-ajax.php endpoint at the web server or firewall level to prevent abuse.
- Monitoring and restricting anonymous access to the notification-related AJAX endpoints.
- Implementing email sending limits or filters on the mail server to reduce the impact of mass notification floods.