CVE-2026-22183
Stored XSS in wpDiscuz Inline Comment Preview Allows Script Injection
Publication date: 2026-03-13
Last updated on: 2026-03-17
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gvectors | wpdiscuz | before 7.6.47 (7.6.47 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22183 is a stored cross-site scripting (XSS) vulnerability in wpDiscuz versions before 7.6.47. It occurs in the inline comment preview feature, where authenticated users with unfiltered_html capabilities can inject malicious JavaScript code by submitting comments containing unescaped content.
This malicious script is then rendered without proper HTML escaping in the AJAX response generated by the getLastInlineComments() function in WpdiscuzHelperAjax.php, allowing it to execute in the context of the affected website.
How can this vulnerability impact me?
This vulnerability allows attackers to execute stored malicious scripts on the affected site, which can compromise user data or the integrity of the website.
Because the attack is stored and executed in the context of the site, it can lead to unauthorized actions, data theft, or manipulation of site content, potentially affecting both site administrators and users.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious or malicious JavaScript code injected into comments submitted by authenticated users with unfiltered_html capabilities. Since the vulnerability involves stored cross-site scripting in the inline comment preview feature, inspecting AJAX responses from the getLastInlineComments() function for unescaped script content can help identify exploitation attempts.
Commands to detect this might include using web application security scanners that look for stored XSS vulnerabilities in comment fields or manually inspecting HTTP traffic for suspicious script tags in AJAX responses related to comment previews.
For example, using curl or wget to fetch the AJAX response and grep to search for script tags or suspicious content could be helpful:
- `curl -s 'https://your-site.com/wp-admin/admin-ajax.php?action=getLastInlineComments' | grep -i '<script>'`
- Use browser developer tools to inspect AJAX responses for inline comment previews containing unescaped JavaScript. [1]
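The detection advice above amounts to inspecting the getLastInlineComments() AJAX response for unescaped script content. As an added example, not code from this page or from the wpDiscuz project, the Python scanner below walks a JSON response and flags raw active markup (script tags, inline event handlers, javascript: URLs, embedding tags) while ignoring properly escaped entities; the response shape and the sample bodies are constructed assumptions, not the plugin's documented format.

```python
import json
import re

# Markup that should never survive unescaped in a comment preview (constructed
# for this example; not an exhaustive XSS signature set).
ACTIVE_CONTENT = [
    re.compile(r"<\s*/?\s*script\b", re.I),
    re.compile(r"<[^>]+\son[a-z]+\s*=", re.I),               # onerror=, onload=, ... inside a tag
    re.compile(r"(href|src)\s*=\s*['\"]?\s*javascript:", re.I),
    re.compile(r"<\s*(iframe|object|embed)\b", re.I),
]

def _strings(node, path="$"):
    """Yield (json_path, value) for every string anywhere in a decoded JSON document."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from _strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _strings(value, f"{path}[{index}]")

def find_unescaped_markup(body):
    """Return [(location, matched_text)] for raw active markup in an AJAX response.
    Body is assumed to be JSON (admin-ajax.php handlers commonly return it); if it
    does not parse, the raw text is scanned as one string. HTML-escaped content
    such as '&lt;script&gt;' is not flagged, so a patched site comes back clean."""
    try:
        items = list(_strings(json.loads(body)))
    except ValueError:
        items = [("raw", body)]
    findings = []
    for location, text in items:
        for pattern in ACTIVE_CONTENT:
            match = pattern.search(text)
            if match:
                findings.append((location, match.group(0)))
                break  # one finding per string is enough to raise an alert
    return findings

# Constructed sample responses; the JSON shape is an assumption for this
# example, not the plugin's documented format.
VULNERABLE_RESPONSE = json.dumps({"success": True, "data": {"comments": [
    {"id": 41, "preview": "Great post!"},
    {"id": 42, "preview": "<script>alert(1)</script>"},
    {"id": 43, "preview": "<img src=x onerror=alert(1)>"},
]}})
PATCHED_RESPONSE = json.dumps({"success": True, "data": {"comments": [
    {"id": 42, "preview": "&lt;script&gt;alert(1)&lt;/script&gt;"}]}})
```

Unlike the grep one-liner, the scanner is case-insensitive, catches attribute-based handlers that never contain a `<script>` tag, and reports the JSON path so the offending comment can be located and removed.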
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade wpDiscuz to version 7.6.47 or later, where this stored cross-site scripting vulnerability has been fixed.
Additionally, restricting or reviewing user permissions to limit unfiltered_html capabilities can reduce the risk of exploitation by preventing unauthorized users from injecting malicious scripts.
Implementing web application firewalls (WAF) rules to detect and block suspicious script injections in comment content can also help mitigate the risk until the patch is applied.