CVE-2026-22209
Received Received - Intake
Stored XSS in wpDiscuz customCss Allows Admin Script Injection

Publication date: 2026-03-13

Last updated on: 2026-03-26

Assigner: VulnCheck

Description
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like in the custom CSS setting to execute arbitrary JavaScript in user browsers.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-03-26
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22209
EUVD
EUVD-2026-11750
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gvectors wpdiscuz to 7.6.47 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-22209 is a cross-site scripting (XSS) vulnerability in wpDiscuz versions before 7.6.47. It occurs in the customCss field where administrators can inject malicious scripts by breaking out of style tags.

An attacker with admin privileges can insert payloads like </style><script>alert(1)</script> into the custom CSS setting, which allows arbitrary JavaScript to execute in the browsers of users who view the affected content.

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability allows an attacker with administrative access to execute arbitrary JavaScript in the browsers of users interacting with the affected wpDiscuz installation.'}, {'type': 'paragraph', 'content': "Such script execution can lead to theft of user data, session hijacking, or other malicious actions performed in the context of the user's browser."}, {'type': 'paragraph', 'content': 'However, this vulnerability requires admin privileges and does not involve privilege escalation or user interaction.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves malicious script injection in the customCss field by administrators breaking out of style tags. Detection involves inspecting the custom CSS settings for suspicious payloads such as </style><script>alert(1)</script>.'}, {'type': 'paragraph', 'content': 'Since the vulnerability requires admin access and involves stored XSS in the custom CSS, detection commands would focus on querying the database or configuration files where custom CSS is stored to find suspicious script tags.'}, {'type': 'list_item', 'content': "Use SQL queries to search for suspicious patterns in the customCss field, for example: SELECT * FROM wp_options WHERE option_name = 'wpdiscuz_custom_css' AND option_value LIKE '%</script>%';"}, {'type': 'list_item', 'content': "Use grep or similar tools on configuration or theme files to find injected script tags: grep -r '</script>' /path/to/wp-content/"}, {'type': 'paragraph', 'content': 'Network detection is less effective since this is a stored XSS triggered in user browsers, but monitoring admin activity and changes to custom CSS settings can help identify exploitation attempts.'}] [1]

Mitigation Strategies

The primary mitigation step is to update wpDiscuz to version 7.6.47 or later, where this vulnerability is fixed.

Restrict administrative access to trusted users only, as the vulnerability requires admin privileges to exploit.

Review and sanitize any custom CSS entries to remove malicious script injections.

Monitor and audit changes to the custom CSS settings regularly to detect any unauthorized or suspicious modifications.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22209. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart