CVE ID :CVE-2026-22191 Published : March 13, 2026, 6:19 a.m. | 1 hour, 58 minutes ago Description :wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcodes by including them in comment content sent via email notifications. Attackers can inject shortcodes like [contact-form-7] or [user_meta] in comments, which are executed server-side when the WpdiscuzHelperEmail class processes notifications through do_shortcode() before wp_mail(). Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...