Vulnerabilities

CVE-2026-22209

by Fred · 13/03/2026

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like

in the custom CSS setting to execute arbitrary JavaScript in user browsers.

More information : https://wordpress.org/plugins/wpdiscuz/

Similar

Tags: Cybersecurity Alert