Primary

Context

wpDiscuz Information Disclosure Vulnerability Allowing OAuth Secret Exposure

Vulnerability

Patched

An information disclosure vulnerability has been identified in wpDiscuz versions prior to 7.6.47. This vulnerability allows administrators to unintentionally expose OAuth secrets by exporting plugin options as JSON. Attackers could retrieve exported files containing plaintext API secrets such as fbAppSecret, googleClientSecret, twitterAppSecret, and other social login credentials from support tickets, backups, or version control repositories.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive OAuth secrets, including API credentials for Facebook, Google, Twitter, and other social login services.

Added: Mar 13, 2026, 8:10 PM

Updated: Mar 13, 2026, 8:10 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

4.6

remediation

7.7

relevance

3.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

4.6

remediation

7.7

relevance

3.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

wpDiscuz Information Disclosure Vulnerability Allowing OAuth Secret Exposure

Vulnerability

Impact

Affected Products

AdvancedCoding wpDiscuz

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating