CVE-2026-7385

MEDIUM CVSS 5.8 View on NVD ↗

Description

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

References

https://wpscan.com/vulnerability/1c5949d0-cf50-45d3-a7e2-2f94cdb42405/

Published: May 20, 2026 07:16 UTC Modified: May 20, 2026 18:16 UTC