CVE-2026-22199
Vote Manipulation Vulnerability in wpDiscuz Comments via Nonce Abuse
Publication date: 2026-03-13
Last updated on: 2026-04-23
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
| Probability | Percentile |
|---|---|
| | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gvectors | wpdiscuz | up to 7.6.47 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-290 | This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update wpDiscuz to version 7.6.47 or later, where this vote manipulation vulnerability has been addressed.
Until the update can be applied, consider implementing stricter rate limiting that cannot be bypassed by varying User-Agent headers or IP rotation.
Additionally, restrict or monitor access to the unauthenticated wpdGetNonce endpoint to prevent attackers from obtaining fresh nonces easily.
Can you explain this vulnerability to me?
CVE-2026-22199 is a vote manipulation vulnerability in wpDiscuz versions before 7.6.47. Attackers exploit an unauthenticated endpoint called wpdGetNonce to obtain fresh nonces, which are normally used to validate legitimate voting actions. They bypass rate limiting by changing the User-Agent header, which resets the rate limits, and use techniques like IP rotation or manipulating reverse proxy headers to cast multiple votes. This allows attackers to manipulate comment votes repeatedly without needing authentication or special privileges.
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to unfairly manipulate comment votes on your wpDiscuz-enabled site. Because attackers can bypass rate limits and vote multiple times using different IPs or headers, the integrity of vote counts can be compromised. This can lead to misleading popularity or approval metrics, potentially damaging the credibility of your content or community feedback.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unusual voting activity on wpDiscuz comment sections, especially multiple votes originating from varying User-Agent headers or IP addresses in a short time frame.
Network detection can focus on identifying repeated requests to the unauthenticated wpdGetNonce endpoint, which attackers use to obtain fresh nonces.
Commands to assist detection might include:
- Using web server logs to search for frequent calls to the wpdGetNonce endpoint, e.g., `grep 'wpdGetNonce' /var/log/apache2/access.log`
- Analyzing logs for multiple requests with varying User-Agent headers from the same IP or IP ranges, e.g., `awk '{print $1, $12}' /var/log/apache2/access.log | sort | uniq -c | sort -nr` (assuming User-Agent is in the 12th field)
- Monitoring for IP rotation or reverse proxy header manipulation by inspecting X-Forwarded-For or similar headers in requests. [1]
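As an added example (not from this page or the wpDiscuz project), the detection logic described above run over constructed combined-format access log lines in Python: it counts wpdGetNonce requests and distinct User-Agent values per client IP inside a sliding time window and flags clients that exceed a threshold, which is more robust than the field-position awk shown above because the quoted User-Agent contains spaces. The admin-ajax.php URL shape, the thresholds and the sample addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" format: ip - - [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines (not real traffic). The admin-ajax.php?action=wpdGetNonce URL
# is an assumed shape; one client hammers the nonce endpoint while rotating User-Agent,
# a second client makes a single ordinary request.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Mar/2026:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=wpdGetNonce HTTP/1.1" 200 91 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [13/Mar/2026:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=wpdGetNonce HTTP/1.1" 200 91 "-" "Mozilla/5.0 (Windows NT 10.0)"
203.0.113.7 - - [13/Mar/2026:10:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=wpdGetNonce HTTP/1.1" 200 91 "-" "curl/8.5.0"
203.0.113.7 - - [13/Mar/2026:10:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=wpdGetNonce HTTP/1.1" 200 91 "-" "python-requests/2.31"
198.51.100.4 - - [13/Mar/2026:10:00:05 +0000] "GET /blog/post-1/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh)"
198.51.100.4 - - [13/Mar/2026:10:00:06 +0000] "POST /wp-admin/admin-ajax.php?action=wpdGetNonce HTTP/1.1" 200 91 "-" "Mozilla/5.0 (Macintosh)"
"""

def parse(lines):
    """Yield (ip, time, path, user_agent) for every line in combined format."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], datetime.strptime(m["time"], TIME_FMT), m["path"], m["ua"]

def flag_nonce_abuse(lines, window_s=60, max_nonce_calls=3, max_agents=2):
    """Return {ip: (nonce_calls, distinct_agents)} for clients whose wpdGetNonce
    requests within any window_s-second span exceed either threshold (assumed values)."""
    per_ip = defaultdict(list)  # ip -> [(time, user_agent)] for nonce requests only
    for ip, ts, path, ua in parse(lines):
        if "wpdGetNonce" in path:
            per_ip[ip].append((ts, ua))
    flagged = {}
    for ip, events in per_ip.items():
        events.sort()
        start = 0  # left edge of the sliding window over sorted timestamps
        for end in range(len(events)):
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            calls = end - start + 1
            agents = len({ua for _, ua in events[start:end + 1]})
            if calls > max_nonce_calls or agents > max_agents:
                prev = flagged.get(ip, (0, 0))
                flagged[ip] = (max(prev[0], calls), max(prev[1], agents))
    return flagged
```

When the site sits behind a reverse proxy, key the per-client count on the address your trusted proxy supplies rather than on a raw X-Forwarded-For value, since that header can be set by the client.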