The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Decent Comments |
|
| Wordpress |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|---|
| Decent Comments |
|
| Wordpress |
|
References
History
Wed, 20 May 2026 11:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Decent Comments
Decent Comments decent Comments Wordpress Wordpress wordpress |
|
| Vendors & Products |
Decent Comments
Decent Comments decent Comments Wordpress Wordpress wordpress |
Wed, 20 May 2026 07:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-200 CWE-284 |
Wed, 20 May 2026 06:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses. | |
| Title | Decent Comments < 3.0.2 - Unauthenticated Email Address Disclosure | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-05-20T06:00:08.865Z
Reserved: 2026-04-29T08:45:59.638Z
Link: CVE-2026-7385
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2026-05-20T07:16:16.353
Modified: 2026-05-20T14:01:24.027
Link: CVE-2026-7385
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-05-20T10:37:54Z