Vulnerabilities and security researches fordecent-comments decent-comments

May 22, 2026

CVE, Research URL: CVE-2026-7385
Home page URL: Security reports for Decent Comments
Application: Decent Comments
Date: May 20, 2026
Research Description: The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses.
Affected versions: max 3.0.2.
Status: vulnerable