{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T12:38:25.162","vulnerabilities":[{"cve":{"id":"CVE-2026-22209","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-03-13T19:54:11.003","lastModified":"2026-06-17T10:19:33.237","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like </style><script>alert(1)</script> in the custom CSS setting to execute arbitrary JavaScript in user browsers."},{"lang":"es","value":"El firmware de Thingino hasta la confirmación e3f6a41 (publicada el 15 de marzo de 2026) contiene una vulnerabilidad de inyección de comandos del sistema operativo sin autenticación en el script CGI del portal cautivo de WiFi, que permite a atacantes remotos ejecutar comandos arbitrarios como root mediante la inyección de código malicioso a través de nombres de parámetros HTTP no validados. Los atacantes pueden aprovechar la función eval en las funciones parse_query() y parse_post() para lograr la ejecución remota de código y realizar cambios de configuración con privilegios, incluyendo el restablecimiento de la contraseña de root y la modificación de authorized_keys de SSH, lo que da lugar a un compromiso total y persistente del dispositivo."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"gVectors","product":"wpDiscuz","defaultStatus":"unaffected","packageURL":"pkg:wordpress-plugin/wpdiscuz","versions":[{"version":"0","lessThan":"7.6.47","versionType":"custom","status":"affected"},{"version":"7.6.47","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-13T14:15:11.236119Z","id":"CVE-2026-22209","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"7.6.47","matchCriteriaId":"A81F51B9-0C21-4F7E-876B-C09A66B9AE05"}]}]}],"references":[{"url":"https://wordpress.org/plugins/wpdiscuz/","source":"disclosure@vulncheck.com"},{"url":"https://wordpress.org/plugins/wpdiscuz/#developers","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/wpdiscuz-before-cross-site-scripting-via-unescaped-custom-css-in-style-tag","source":"disclosure@vulncheck.com"}]}}]}