CVE-2026-22209
Stored XSS in wpDiscuz customCss Allows Admin Script Injection
Publication date: 2026-03-13
Last updated on: 2026-03-26
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gvectors | wpdiscuz | to 7.6.47 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22209 is a cross-site scripting (XSS) vulnerability in wpDiscuz versions before 7.6.47. It occurs in the customCss field where administrators can inject malicious scripts by breaking out of style tags.
An attacker with admin privileges can insert payloads like </style><script>alert(1)</script> into the custom CSS setting, which allows arbitrary JavaScript to execute in the browsers of users who view the affected content.
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'This vulnerability allows an attacker with administrative access to execute arbitrary JavaScript in the browsers of users interacting with the affected wpDiscuz installation.'}, {'type': 'paragraph', 'content': "Such script execution can lead to theft of user data, session hijacking, or other malicious actions performed in the context of the user's browser."}, {'type': 'paragraph', 'content': 'However, this vulnerability requires admin privileges and does not involve privilege escalation or user interaction.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability involves malicious script injection in the customCss field by administrators breaking out of style tags. Detection involves inspecting the custom CSS settings for suspicious payloads such as </style><script>alert(1)</script>.'}, {'type': 'paragraph', 'content': 'Since the vulnerability requires admin access and involves stored XSS in the custom CSS, detection commands would focus on querying the database or configuration files where custom CSS is stored to find suspicious script tags.'}, {'type': 'list_item', 'content': "Use SQL queries to search for suspicious patterns in the customCss field, for example: SELECT * FROM wp_options WHERE option_name = 'wpdiscuz_custom_css' AND option_value LIKE '%</script>%';"}, {'type': 'list_item', 'content': "Use grep or similar tools on configuration or theme files to find injected script tags: grep -r '</script>' /path/to/wp-content/"}, {'type': 'paragraph', 'content': 'Network detection is less effective since this is a stored XSS triggered in user browsers, but monitoring admin activity and changes to custom CSS settings can help identify exploitation attempts.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update wpDiscuz to version 7.6.47 or later, where this vulnerability is fixed.
Restrict administrative access to trusted users only, as the vulnerability requires admin privileges to exploit.
Review and sanitize any custom CSS entries to remove malicious script injections.
Monitor and audit changes to the custom CSS settings regularly to detect any unauthorized or suspicious modifications.