CVE-2026-7385

medium

Description

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses.

References

https://wpscan.com/vulnerability/1c5949d0-cf50-45d3-a7e2-2f94cdb42405/

Details

Source: Mitre, NVD

Published: 2026-05-20

Updated: 2026-05-20

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N