wpDiscuz Email Header Injection Vulnerability

Vulnerability

An email header injection vulnerability has been identified in wpDiscuz versions prior to 7.6.47. This vulnerability allows attackers to manipulate email recipients by injecting malicious data into the comment_author_email cookie. When the crafted cookie value is processed through urldecode() and passed to the wp_mail() function, it enables header injection that can alter email recipients or inject additional headers.
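One way to validate such a cookie value before it reaches a mail function, shown as an added example (this is not wpDiscuz code and not the project's fix). The function name safe_email_from_cookie and the sample cookie values are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from wpDiscuz.

/**
 * Return a single validated e-mail address taken from a raw cookie value,
 * or null when the value must not be used as a recipient or in a header.
 */
function safe_email_from_cookie(string $rawCookie): ?string
{
    // Decode first, so every check below sees the bytes the mailer would see.
    $decoded = urldecode($rawCookie);

    // CR and LF end a header line; NUL can truncate strings in some layers.
    // Any of them in an address field means the value is not an address.
    if (preg_match('/[\r\n\0]/', $decoded)) {
        return null;
    }

    // Accept exactly one syntactically valid address: no comma-separated
    // lists, no display names, no embedded whitespace.
    $email = filter_var(trim($decoded), FILTER_VALIDATE_EMAIL);

    return $email === false ? null : $email;
}

// Constructed sample cookie values (not captured traffic).
$samples = [
    // Ordinary URL-encoded address: accepted.
    'reader%40example.com',
    // Encoded CRLF followed by a header line: rejected by the CR/LF check.
    'reader%40example.com%0D%0ABcc%3A%20other%40example.net',
    // Encoded comma adding a second recipient: rejected by address validation.
    'reader%40example.com%2C%20other%40example.net',
];

foreach ($samples as $raw) {
    $result = safe_email_from_cookie($raw);
    printf("%-58s => %s\n", $raw, $result ?? 'REJECTED');
}
```

The check runs after decoding on purpose: validating the still-encoded cookie would pass `%0D%0A` as harmless text.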

Impact

Exploitation of this vulnerability allows for email header injection, which can be used to manipulate email recipients or inject additional headers, potentially leading to phishing or other social engineering attacks.

Added: Mar 13, 2026, 8:09 PM
Updated: Mar 13, 2026, 8:09 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 1.3
exploitability: 6.8
remediation: 7.7
relevance: 4.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.