CVE-2026-22199
Received Received - Intake
Vote Manipulation Vulnerability in wpDiscuz Comments via Nonce Abuse

Publication date: 2026-03-13

Last updated on: 2026-04-23

Assigner: VulnCheck

Description
Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can exploit this vulnerability to disclose sensitive files such as password hashes, which can be cracked offline to obtain root-level access and enable full system compromise.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-14
NVD
CVE-2026-22199
EUVD
EUVD-2026-11745
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gvectors wpdiscuz to 7.6.47 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-290 This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-22199 is a vote manipulation vulnerability in wpDiscuz versions before 7.6.47. Attackers exploit an unauthenticated endpoint called wpdGetNonce to obtain fresh nonces, which are normally used to validate legitimate voting actions. They bypass rate limiting by changing the User-Agent header, which resets the rate limits, and use techniques like IP rotation or manipulating reverse proxy headers to cast multiple votes. This allows attackers to manipulate comment votes repeatedly without needing authentication or special privileges.

Impact Analysis

This vulnerability can impact you by allowing attackers to unfairly manipulate comment votes on your wpDiscuz-enabled site. Because attackers can bypass rate limits and vote multiple times using different IPs or headers, the integrity of vote counts can be compromised. This can lead to misleading popularity or approval metrics, potentially damaging the credibility of your content or community feedback.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'Detection of this vulnerability involves monitoring for unusual voting activity on wpDiscuz comment sections, especially multiple votes originating from varying User-Agent headers or IP addresses in a short time frame.'}, {'type': 'paragraph', 'content': 'Network detection can focus on identifying repeated requests to the unauthenticated wpdGetNonce endpoint, which attackers use to obtain fresh nonces.'}, {'type': 'paragraph', 'content': 'Commands to assist detection might include:'}, {'type': 'list_item', 'content': "Using web server logs to search for frequent calls to the wpdGetNonce endpoint, e.g., `grep 'wpdGetNonce' /var/log/apache2/access.log`"}, {'type': 'list_item', 'content': "Analyzing logs for multiple requests with varying User-Agent headers from the same IP or IP ranges, e.g., `awk '{print $1, $12}' /var/log/apache2/access.log | sort | uniq -c | sort -nr` (assuming User-Agent is in the 12th field)"}, {'type': 'list_item', 'content': 'Monitoring for IP rotation or reverse proxy header manipulation by inspecting X-Forwarded-For or similar headers in requests.'}] [1]

Mitigation Strategies

The primary mitigation step is to update wpDiscuz to version 7.6.47 or later, where this vote manipulation vulnerability has been addressed.

Until the update can be applied, consider implementing stricter rate limiting that cannot be bypassed by varying User-Agent headers or IP rotation.

Additionally, restrict or monitor access to the unauthenticated wpdGetNonce endpoint to prevent attackers from obtaining fresh nonces easily.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22199. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart