CVE-2026-22203 MEDIUM

CVE-2026-22203: wpDiscuz before 7.6.47 - Options Export Leaks OAuth Secrets in Plaintext

Vendor Gvectors

Product wpDiscuz

Weakness CWE-200 · Info exposure

Published March 13, 2026

Last update March 13, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain exported files containing plaintext API secrets like fbAppSecret, googleClientSecret, twitterAppSecret, and other social login credentials from support tickets, backups, or version control repositories.

Key dates

02Disclosure timeline

March 13, 2026 CVE published

March 13, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-22203

Related vulnerabilities

CVE-2026-22203: wpDiscuz before 7.6.47 - Options Export Leaks OAuth Secrets in Plaintext

01Description

02Disclosure timeline

03References

04Related CVE