CVE-2026-7385

MEDIUM 5.8

Decent Comments < 3.0.2 - Unauthenticated Email Address Disclosure

CVSS Score

5.8

EPSS Score

0.0%

EPSS Percentile

7th

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses.

Vendor	unknown
Product	decent comments
Published	May 20, 2026
Last Updated	May 20, 2026

Stay Ahead of the Next One

Get instant alerts for unknown decent comments

Be the first to know when new medium vulnerabilities affecting unknown decent comments are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Decent Comments

0 < 3.0.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/1c5949d0-cf50-45d3-a7e2-2f94cdb42405/

Credits

Vaibhav Narkhede WPScan