AdvancedCoding wpDiscuz
cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:wordpress:*:*
- < 7.6.47
A cross-site request forgery (CSRF) vulnerability has been identified in the wpDiscuz WordPress plugin, affecting versions prior to 7.6.47. The issue arises in the getFollowsPage() function, where the absence of nonce validation allows attackers to perform unauthorized actions. Exploiting this vulnerability, attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data.
Exploitation of this vulnerability allows for unauthorized actions to be performed on behalf of users, specifically related to managing follow relationships and user follow data.
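The missing check described above, shown as an added example (not wpDiscuz source code): a WordPress AJAX handler without nonce validation next to the same handler with it. The `example_*` function names, the `wp_ajax_example_get_follows_page` hook, the nonce action string, the `nonce` and `page` request fields and the `example_follows` user-meta key are all hypothetical.

```php
<?php
// Added illustration, not the plugin's code. All example_* names are hypothetical.
const EXAMPLE_FOLLOWS_NONCE = 'example_follows_page';

// Vulnerable shape (left unregistered): the session cookie is the only proof
// of intent, so a request the browser sends from another site is accepted.
function example_get_follows_page_unsafe() {
    $page = isset( $_POST['page'] ) ? absint( $_POST['page'] ) : 0;
    wp_send_json_success( example_load_follows( get_current_user_id(), $page ) );
}

// Hardened shape: require a nonce tied to this user, session and action.
function example_get_follows_page() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'login_required', 401 );
    }
    // Third argument false: return the result instead of dying, so the
    // handler can answer with a JSON error and a 403 status.
    if ( ! check_ajax_referer( EXAMPLE_FOLLOWS_NONCE, 'nonce', false ) ) {
        wp_send_json_error( 'invalid_nonce', 403 );
    }
    $page = isset( $_POST['page'] ) ? absint( $_POST['page'] ) : 0;
    wp_send_json_success( example_load_follows( get_current_user_id(), $page ) );
}
add_action( 'wp_ajax_example_get_follows_page', 'example_get_follows_page' );

// Stand-in data access: one page (10 entries) of the user's follow list.
function example_load_follows( $user_id, $page ) {
    $all = get_user_meta( $user_id, 'example_follows', true );
    return is_array( $all ) ? array_slice( $all, $page * 10, 10 ) : array();
}

// Hand the nonce to the site's own script; a page on another origin cannot
// read it, so it cannot build a request that passes check_ajax_referer().
function example_enqueue_follows_script() {
    wp_enqueue_script( 'example-follows', plugins_url( 'follows.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-follows', 'exampleFollows', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( EXAMPLE_FOLLOWS_NONCE ),
    ) );
}
add_action( 'wp_enqueue_scripts', 'example_enqueue_follows_script' );
```

When auditing other handlers for the same class of bug, look for `wp_ajax_*` callbacks that read `$_POST` or `$_GET` without a preceding `check_ajax_referer()` or `wp_verify_nonce()` call.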