cleantalk
Vulnerabilities and Security Researches

Decent Comments, CVE-2026-7385

CVE, Research URL

CVE-2026-7385

Home page URL

Security reports for Decent Comments

Application

Decent Comments

Published on
May 20, 2026
Research Description
The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses.
Affected versions
max 3.0.2.
Status
vulnerable
Previous vulnerability researches
WpZon – Amazon Affiliate Plugin (CVE-2025-46506) , Apr 26, 2025
New vulnerability
WordPress Online Booking and Scheduling Plugin – Bookly (CVE-2026-42667) , May 22, 2026
Email Encoder – Protect Email Addresses and Phone Numbers (CVE-2026-5776) , May 22, 2026
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2026-42671) , May 22, 2026
Widget Context (CVE-2026-7615) , May 22, 2026
Classified Listing – Classified ads & Business Directory Plugin (CVE-2026-42679) , May 22, 2026