CVE-2026-22203
Information Disclosure in wpDiscuz Plugin Exposes OAuth Secrets
Publication date: 2026-03-13
Last updated on: 2026-03-17
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gvectors | wpdiscuz | up to 7.6.47 (excluding 7.6.47) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22203 is an information disclosure vulnerability in wpDiscuz versions before 7.6.47. It occurs because the plugin allows administrators to export plugin options as JSON files, which unintentionally include sensitive OAuth secrets in plaintext.
These secrets include API credentials such as fbAppSecret, googleClientSecret, twitterAppSecret, and other social login credentials. Attackers can obtain these exported files from sources like support tickets, backups, or version control repositories.
The vulnerability requires administrator privileges but no user interaction and can be exploited remotely with low attack complexity.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive OAuth credentials, such as API secrets for Facebook, Google, and Twitter integrations.
If attackers gain access to these secrets, they could potentially misuse social login credentials, impersonate users, or access connected services, leading to compromised accounts or data breaches.
Since the vulnerability requires administrator access to export the options, the risk is higher if an attacker already has elevated privileges or can access exported files through backups or support channels.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by searching for exported JSON files from the wpDiscuz plugin that contain plaintext OAuth secrets such as fbAppSecret, googleClientSecret, and twitterAppSecret.
You can check support tickets, backups, or version control repositories for such exported files.
On your system, you might use commands to search for JSON files containing these keywords. For example, using grep on a Linux system:
- grep -r -i 'fbAppSecret' /path/to/wpdiscuz/exports/
- grep -r -i 'googleClientSecret' /path/to/wpdiscuz/exports/
- grep -r -i 'twitterAppSecret' /path/to/wpdiscuz/exports/
These commands help identify if any exported JSON files contain sensitive OAuth secrets, indicating the presence of the vulnerability. [1]
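As an added example (not code from this page or from the wpDiscuz project), the following Python scanner parses exported option files instead of grepping them: it walks nested JSON, reports the key path, value length and a hash fingerprint of every populated credential without echoing the secret, and goes beyond the three key names above with an assumed suffix heuristic for the unnamed "other social login credentials". The sample export and its values are constructed.

```python
"""Scan wpDiscuz option exports for plaintext OAuth secrets (CVE-2026-22203)."""
import hashlib
import json
from pathlib import Path

SECRET_KEYS = {"fbAppSecret", "googleClientSecret", "twitterAppSecret"}  # named in the advisory
SECRET_SUFFIXES = ("secret",)  # assumed heuristic for the "other social login credentials"

def _walk(node, path=""):
    """Yield (dotted_path, value) for every leaf of a nested JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _walk(value, f"{path}[{i}]")
    else:
        yield path, node

def is_secret_key(path):
    """True if the last key segment of a path names a credential."""
    leaf = path.rsplit(".", 1)[-1].split("[", 1)[0]
    return leaf in SECRET_KEYS or leaf.lower().endswith(SECRET_SUFFIXES)

def find_secrets(doc):
    """List each populated credential as {path, length, sha256_12}; never the value itself."""
    findings = []
    for path, value in _walk(doc):
        if is_secret_key(path) and isinstance(value, str) and value.strip():
            digest = hashlib.sha256(value.encode()).hexdigest()[:12]
            findings.append({"path": path, "length": len(value), "sha256_12": digest})
    return findings

def scan_directory(root):
    """Map each leaking *.json under root (backup, repo checkout) to its findings."""
    results = {}
    for file in Path(root).rglob("*.json"):
        try:  # skip unreadable or non-JSON files instead of aborting the scan
            hits = find_secrets(json.loads(file.read_text(encoding="utf-8")))
        except (OSError, ValueError):
            continue
        if hits:
            results[str(file)] = hits
    return results

# Constructed sample export for the demo; not a real wpDiscuz file.
SAMPLE_EXPORT = {"social": {"fbAppID": "1234567890", "fbAppSecret": "constructed-fb-secret",
                            "googleClientSecret": "constructed-google-secret", "twitterAppSecret": ""},
                 "general": {"commentListUpdateType": "live"}}
```

The hash prefix lets you confirm which live app credential a leaked file contains, so you know exactly which secret to rotate.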
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade the wpDiscuz plugin to version 7.6.47 or later, where the issue has been fixed.
Additionally, review and remove any exported JSON files that contain sensitive OAuth secrets from support tickets, backups, or version control repositories to prevent unauthorized access.
Limit administrator access to trusted personnel only, as the vulnerability requires high privileges to exploit.