Primary

Context

wpDiscuz SQL Injection Vulnerability in getAllSubscriptions() Function

Vulnerability

Patched

A SQL injection vulnerability has been identified in the wpDiscuz WordPress plugin, affecting versions prior to 7.6.47. The issue arises in the getAllSubscriptions() function, where string parameters are not properly escaped before being included in SQL queries. This flaw allows attackers to inject malicious SQL code through the email, activation_key, subscription_date, and imported_from parameters. Exploitation of this vulnerability could lead to manipulation of database queries and unauthorized access to sensitive information.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to manipulate database queries and potentially extract sensitive information from the database.

Added: Mar 13, 2026, 8:12 PM

Updated: Mar 13, 2026, 8:12 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

6.8

remediation

7.7

relevance

3.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

6.8

remediation

7.7

relevance

3.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

wpDiscuz SQL Injection Vulnerability in getAllSubscriptions() Function

Vulnerability

Impact

Affected Products

AdvancedCoding wpDiscuz

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating