Decent Comments < 3.0.2 - Unauthenticated Email Address Disclosure

5.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Description

The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses.

Basic Information

ID CVE-2026-7385

Source WPScan

Published May 20, 2026 at 06:00

Modified May 20, 2026 at 17:34

Affected Product

Vendor Unknown

Product Decent Comments

Affected Versions Unknown Decent Comments 0

CWE Classification

References

wpscan.com /vulnerability/1c5949d0-cf50-45d3-a7e2-2f94cdb42405/

{
    "lastseen": "",
    "description": "The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses.",
    "published": "2026-05-20T06:00:08.865Z",
    "modified": "2026-05-20T17:34:58.686Z",
    "type": "cve",
    "title": "Decent Comments < 3.0.2 - Unauthenticated Email Address Disclosure",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/1c5949d0-cf50-45d3-a7e2-2f94cdb42405/",
    "id": "CVE-2026-7385",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown Decent Comments 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Decent Comments",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Decent Comments < 3.0.2 - Unauthenticated Email Address Disclosure_CVE-2026-7385