CVEFinder.io

CVE-2026-7385

🔶 medium
🔍 Scan for this CVE
Summary

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses.

CVSS Score
5.8
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-20
First Seen: 2026-05-21
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 32.9% of all 325,680 vulnerabilities in our database.

#218,404
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 20, 2026
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Vaibhav Narkhede WPScan (coordinator)
SSVC data provided by CISA
Last Modified 2026-05-20
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

📦 Affected Products 0

No affected products information available

🔗 References 1

https://wpscan.com/vulnerability/1c5949d0-cf50-45d3-...