MEDIUM
Decent Comments
CVE published 2026-05-20
CVE-2026-7385
CVE-2026-7385 describes an information disclosure issue in the Decent Comments WordPress plugin before 3.0.2. A REST API endpoint does not restrict access to comment author email addresses and post author email addresses, which allows unauthenticated attackers to enumerate registered user email addresses. The CVSS v3.1 vector provided by NVD is AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N, matching a medium-severi [truncated]