CVE-2026-22215
CSRF Vulnerability in wpDiscuz getFollowsPage Allows Unauthorized Actions
Publication date: 2026-03-13
Last updated on: 2026-03-17
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gvectors | wpdiscuz | to 7.6.47 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22215 is a Cross-Site Request Forgery (CSRF) vulnerability in wpDiscuz versions before 7.6.47, specifically in the getFollowsPage() function.
The vulnerability exists because the function lacks CSRF protection and nonce validation, which normally prevent unauthorized actions.
Attackers can exploit this flaw by crafting malicious requests that trigger unauthorized actions, such as enumerating user follow relationships and manipulating follow data without proper authorization.
How can this vulnerability impact me? :
This vulnerability allows attackers to perform unauthorized actions on your wpDiscuz installation without needing privileges, by tricking users into executing malicious requests.
Specifically, attackers can enumerate who users follow and manipulate follow data, potentially leading to privacy concerns or unwanted changes in user relationships.
The impact on confidentiality is low, and there is no impact on data integrity or availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for unauthorized or suspicious HTTP requests targeting the getFollowsPage() function in wpDiscuz versions prior to 7.6.47. Since the issue involves missing CSRF protection and lack of nonce validation, crafted requests that manipulate user follow data or enumerate follow relationships without proper authorization are indicators of exploitation attempts.'}, {'type': 'paragraph', 'content': 'To detect such activity on your system or network, you can analyze web server logs for unusual POST or GET requests to the follows page handler endpoints that lack valid nonce tokens.'}, {'type': 'paragraph', 'content': 'Example commands to help detect suspicious requests include:'}, {'type': 'list_item', 'content': "Using grep to search web server logs for requests to the follows page handler: grep -i 'getFollowsPage' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': "Checking for missing or invalid nonce parameters in requests: grep -i 'nonce' /var/log/apache2/access.log | grep -v 'valid_nonce_value'"}, {'type': 'list_item', 'content': 'Using network monitoring tools like Wireshark or tcpdump to capture HTTP traffic and filter for suspicious requests targeting wpDiscuz follows page endpoints.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate and most effective mitigation step is to upgrade wpDiscuz to version 7.6.47 or later, where this CSRF vulnerability in the getFollowsPage() function has been fixed.
If upgrading immediately is not possible, consider implementing additional CSRF protections such as validating nonce tokens on the server side for requests to the follows page handler.
Additionally, monitor and restrict access to the affected endpoints and educate users to avoid interacting with suspicious links that could trigger unauthorized actions.