CVE-2026-22202
CSRF Vulnerability in wpDiscuz Allows Mass Comment Deletion
Publication date: 2026-03-13
Last updated on: 2026-03-17
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gvectors | wpdiscuz | before 7.6.47 (7.6.47 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22202 is a Cross-Site Request Forgery (CSRF) vulnerability in wpDiscuz versions before 7.6.47. It allows attackers to delete all comments associated with a specific email address by sending a maliciously crafted GET request that includes a valid HMAC key.

The vulnerability exploits the lack of POST-based CSRF protection and the absence of user confirmation, enabling attackers to embed the deletecomments action URL in image tags or other resources. This causes permanent deletion of comments without the user's knowledge or interaction. [1]
How can this vulnerability impact me?
This vulnerability can lead to permanent deletion of all comments associated with a targeted email address on a vulnerable wpDiscuz installation.
Since the attack requires no privileges and can be triggered over the network with low complexity, it poses a significant risk to the integrity and availability of comment data.
Users may experience loss of important discussion content, which can affect community engagement and trust.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for malicious GET requests targeting the wpDiscuz deletecomments action URL that include a valid HMAC key.

You can use network traffic analysis tools like tcpdump or Wireshark to capture HTTP GET requests and filter for suspicious URLs containing the deletecomments action.

- Example tcpdump command to capture HTTP GET requests (the BPF expression keeps only TCP segments that carry a payload): `tcpdump -i any -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'GET'`. Note that this only sees plaintext HTTP on port 80; for sites served over HTTPS the web server's access log is the place to look.
- Use grep or similar tools on web server logs to search for GET requests containing 'deletecomments' and HMAC keys. [1]
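As an added example (not part of this record or of wpDiscuz itself), the log-based check above can be turned into a small detector over combined-format access logs: it flags GET requests whose query carries the deletecomments action and raises the severity when the Referer is missing or points at another origin, which is how a CSRF-embedded image URL typically appears server-side. The log lines and the `action`/`key` parameter names are constructed assumptions; the record does not state the plugin's exact URL layout.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed combined-format log lines (not real traffic). The query
# parameter names action= and key= are assumptions for illustration.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Mar/2026:10:01:02 +0000] "GET /index.php?action=deletecomments&key=abc123 HTTP/1.1" 200 512 "https://evil.example/lure.html" "Mozilla/5.0"
203.0.113.6 - - [13/Mar/2026:10:01:09 +0000] "GET /?action=deletecomments&key=def456 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [13/Mar/2026:10:02:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 88 "https://blog.example/post/1" "Mozilla/5.0"
198.51.100.9 - - [13/Mar/2026:10:02:30 +0000] "GET /wp-content/uploads/a.png HTTP/1.1" 200 9000 "https://blog.example/post/1" "Mozilla/5.0"
198.51.100.9 - - [13/Mar/2026:10:03:00 +0000] "GET /?action=deletecomments&key=ghi789 HTTP/1.1" 200 512 "https://blog.example/my-comments" "Mozilla/5.0"
"""

# Apache/nginx "combined" format: ip ident user [time] "METHOD target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def find_csrf_deletes(log_text, site_host):
    """Return one finding per GET whose query carries action=deletecomments.
    A missing or foreign-origin Referer is the CSRF tell: a browser loading
    the URL from an <img> on another site sends that site (or nothing) here."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue  # only GET-triggered deletions are in scope for this CVE
        qs = parse_qs(urlsplit(m["target"]).query)
        if "deletecomments" not in qs.get("action", []):
            continue
        ref_host = urlsplit(m["referer"]).hostname if m["referer"] != "-" else None
        cross_site = ref_host != site_host
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "has_key": "key" in qs,          # request carried an HMAC-style key
            "referer_host": ref_host,
            "severity": "high" if cross_site else "medium",
        })
    return findings

if __name__ == "__main__":
    for finding in find_csrf_deletes(SAMPLE_LOG, "blog.example"):
        print(finding)
```

Same-origin hits are kept at medium rather than dropped, because the Referer is attacker-influenced and a legitimate self-service deletion looks identical in the log.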
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade wpDiscuz to version 7.6.47 or later, where this vulnerability has been fixed.
Until the upgrade can be applied, consider implementing network-level protections such as blocking or filtering suspicious GET requests that contain the deletecomments action URL with HMAC keys.
Additionally, review and enhance CSRF protections by enforcing POST-based requests for destructive actions and requiring user confirmation.