wpDiscuz Missing Rate Limiting Vulnerability Allowing Email Subscription Flooding

Vulnerability

A missing rate limiting vulnerability has been identified in wpDiscuz versions prior to 7.6.47. This vulnerability allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications. Exploitation is achieved by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can use LIKE wildcard characters in the subscription query to target multiple email addresses, resulting in a flood of unwanted notification emails to those accounts.

Impact

Exploitation of this vulnerability can lead to a flood of notification emails being sent to targeted email addresses, causing disruption and potential annoyance to users.

Remediation

Users are advised to update wpDiscuz to version 7.6.47 or later, where this vulnerability has been addressed.
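Until the update is applied, request logs can be checked for the pattern described above: repeated subscription requests from one source, and subscription requests whose email value contains a LIKE wildcard. The following is an added example, not part of the original advisory or of wpDiscuz; the JSON-lines log format and its field names (ts, src, action, email), the 60-second window and the threshold are assumptions, records are assumed to be in time order, and the sample records are constructed.

```python
import json
from collections import defaultdict, deque

HANDLER = "wpdAddSubscription"  # handler name given in the advisory
WINDOW_S = 60                   # assumed sliding window, in seconds
MAX_PER_WINDOW = 3              # assumed per-source request threshold

# Constructed sample records; the field names are assumptions about the log.
SAMPLE_LOG = """\
{"ts": 1000, "src": "198.51.100.7", "action": "wpdAddSubscription", "email": "a@example.com"}
{"ts": 1000, "src": "192.0.2.4", "action": "wpdAddSubscription", "email": "j_doe@example.org"}
{"ts": 1005, "src": "198.51.100.7", "action": "wpdAddSubscription", "email": "b@example.com"}
{"ts": 1010, "src": "198.51.100.7", "action": "wpdAddSubscription", "email": "c@example.com"}
{"ts": 1012, "src": "192.0.2.4", "action": "heartbeat"}
not-json garbage line
{"ts": 1015, "src": "198.51.100.7", "action": "wpdAddSubscription", "email": "d@example.com"}
{"ts": 1030, "src": "203.0.113.9", "action": "wpdAddSubscription", "email": "%@example.com"}
{"ts": 1200, "src": "192.0.2.4", "action": "wpdAddSubscription", "email": "k@example.org"}
"""

def find_subscription_abuse(lines, window=WINDOW_S, limit=MAX_PER_WINDOW):
    """Return (sorted burst sources, [(src, email)] wildcard hits)."""
    recent = defaultdict(deque)  # src -> timestamps still inside the window
    bursts, wildcard_hits = set(), []
    for line in lines:
        try:
            rec = json.loads(line)
            if rec.get("action") != HANDLER:
                continue
            ts, src, email = rec["ts"], rec["src"], rec.get("email", "")
        except (ValueError, KeyError, AttributeError):
            continue  # malformed or incomplete record
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > limit:
            bursts.add(src)
        # '%' is a LIKE wildcard and rare in real addresses; '_' is also a
        # wildcard but common in addresses, so it is not flagged on its own.
        if "%" in email:
            wildcard_hits.append((src, email))
    return sorted(bursts), wildcard_hits

if __name__ == "__main__":
    print(find_subscription_abuse(SAMPLE_LOG.splitlines()))
```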

Added: Mar 13, 2026, 8:05 PM
Updated: Mar 13, 2026, 8:05 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 0.8
exploitability: 8.3
remediation: 7.7
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.