CVE-2026-7385

5.8 MEDIUM

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addres...

Published: 2026-05-20 · Last updated: 2026-05-20

Severity and scoring

CVSS: 5.8 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Description

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-7385
[Other]https://wpscan.com/vulnerability/1c5949d0-cf50-45d3-a7e2-2f94cdb42405/