CVE-2026-22209 - WordPress Discuz Cross-Site Scripting Vulnerability
CVE ID :CVE-2026-22209
Published : March 13, 2026, 6:19 a.m. | 3 hours, 9 minutes ago
Description :wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like in the custom CSS setting to execute arbitrary JavaScript in user browsers.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : March 13, 2026, 6:19 a.m. | 3 hours, 9 minutes ago
Description :wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like in the custom CSS setting to execute arbitrary JavaScript in user browsers.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...