CVE-2026-22216
Missing Rate Limiting in wpDiscuz Allows Email Subscription Abuse
Publication date: 2026-03-13
Last updated on: 2026-03-17
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| gvectors | wpdiscuz | before 7.6.47 (7.6.47 itself not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-799 | The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22216 is a vulnerability in wpDiscuz versions before 7.6.47 where there is no rate limiting on the subscription endpoints.
Unauthenticated attackers can send POST requests to the wpdAddSubscription handler in the class WpdiscuzHelperAjax.php to subscribe arbitrary email addresses to post notifications without any restriction.
Attackers can also use SQL LIKE wildcard characters in the subscription query to match multiple email addresses at once, causing unwanted notification emails to be sent to many victim accounts.
How can this vulnerability impact me?
This vulnerability can be exploited to send unwanted notification emails to multiple victim accounts by subscribing arbitrary email addresses without authorization.
The attack requires no privileges or user interaction and can be performed remotely over the network.
While the impact on confidentiality is limited, it can cause a denial of service by overwhelming users with unwanted emails and potentially degrade availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or excessive POST requests to the wpdAddSubscription handler in the class WpdiscuzHelperAjax.php, which is responsible for subscription actions.
Specifically, you can look for POST requests targeting the subscription endpoint that include email addresses with SQL LIKE wildcard characters, as attackers exploit this to subscribe multiple arbitrary emails.
Commands to detect such activity might include using network traffic analysis tools or web server logs to filter POST requests to the subscription endpoint. For example, using grep on web server logs:
- `grep -i 'POST.*wpdAddSubscription' /var/log/apache2/access.log`
- `grep -i 'wpdAddSubscription' /var/log/nginx/access.log | grep -E '\%|\_'`
Additionally, monitoring for spikes in notification emails or unusual subscription activity can help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade wpDiscuz to version 7.6.47 or later, where this missing rate limiting vulnerability has been fixed.
Until the upgrade can be applied, implementing rate limiting on the subscription endpoint to restrict the number of POST requests from unauthenticated users can reduce the risk of exploitation.
Additionally, monitoring and blocking suspicious POST requests containing SQL LIKE wildcard characters in the subscription query can help mitigate abuse.
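The detection and monitoring steps described above, as an added example that is not part of this advisory or of wpDiscuz: it parses constructed Apache access-log lines, flags wpdAddSubscription POST requests whose address carries a SQL LIKE `%` wildcard, and counts per-IP request bursts as a stand-in for the missing rate limit. The admin-ajax.php path and the `email` parameter name are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit
# Constructed Apache combined-format lines, not real traffic. Like the grep commands above,
# this assumes the action and the (assumed) "email" parameter appear in the logged request line.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Mar/2026:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=wpdAddSubscription&email=%25%40victim.example HTTP/1.1" 200 51 "-" "curl/8.5"
203.0.113.7 - - [13/Mar/2026:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=wpdAddSubscription&email=a%25%40victim.example HTTP/1.1" 200 51 "-" "curl/8.5"
203.0.113.7 - - [13/Mar/2026:10:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=wpdAddSubscription&email=b%40victim.example HTTP/1.1" 200 51 "-" "curl/8.5"
203.0.113.7 - - [13/Mar/2026:10:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=wpdAddSubscription&email=c%40victim.example HTTP/1.1" 200 51 "-" "curl/8.5"
198.51.100.9 - - [13/Mar/2026:10:05:00 +0000] "POST /wp-admin/admin-ajax.php?action=wpdAddSubscription&email=jane_doe%40example.org HTTP/1.1" 200 51 "-" "Mozilla/5.0"
198.51.100.9 - - [13/Mar/2026:10:05:10 +0000] "GET /blog/post/ HTTP/1.1" 200 9123 "-" "Mozilla/5.0"
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')

def parse_line(line):
    """(ip, timestamp, method, target) for one combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["method"], m["target"]

def subscription_email(target):
    """Decoded address from a wpdAddSubscription request target, or None if it is not one."""
    qs = parse_qs(urlsplit(target).query)
    if "wpdAddSubscription" not in qs.get("action", []):
        return None
    return qs.get("email", [""])[0]  # parse_qs URL-decodes, so %25 arrives as '%'

def analyze(log_text, threshold=4, window_s=60):
    """Flag LIKE-wildcard addresses and IPs sending >= threshold requests per window."""
    hits, per_ip = [], defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        email = subscription_email(rec[3]) if rec and rec[2] == "POST" else None
        if email is None:
            continue
        per_ip[rec[0]].append(rec[1])
        # '%' never occurs in a valid address; '_' does, so it is only a weak signal.
        if "%" in email:
            hits.append((rec[0], email))
    bursty = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        for i, start in enumerate(stamps):  # sliding window over request times
            n = sum(1 for t in stamps[i:] if (t - start).total_seconds() <= window_s)
            if n >= threshold:
                bursty[ip] = max(bursty.get(ip, 0), n)
    return {"wildcard_hits": hits, "bursty_ips": bursty}
```

A sustained per-IP count above the threshold is the same signal a web-server or WAF rate limit on this endpoint would act on until the upgrade is applied.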