[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fP5q-GMGOR-_Z8lVgmbskzK2AP87Hjf80i4WIFQj3aYc":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":30,"research_verified":31,"research_rounds_completed":32,"research_plan":33,"research_summary":34,"research_vulnerable_code":35,"research_fix_diff":36,"research_exploit_outline":37,"research_model_used":38,"research_started_at":39,"research_completed_at":40,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":31,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":31,"source_links":41},"CVE-2026-7385","decent-comments-unauthenticated-information-exopsure","Decent Comments \u003C 3.0.2 - Unauthenticated Information Exopsure","The Decent Comments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 3.0.2 (exclusive). This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.","decent-comments",null,"\u003C3.0.2","3.0.2","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Exposure of Sensitive Information to an Unauthorized Actor","2026-06-11 00:00:00","2026-06-18 13:16:27",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9529babf-bf5e-4de1-bf84-2eae11832379?source=api-prod",8,[22,23,24,25,26,27,28,29],"blocks\u002Fclass-decent-comments-blocks.php","blocks\u002Fdecent-comments\u002Fbuild\u002Findex.asset.php","blocks\u002Fdecent-comments\u002Fbuild\u002Findex.js","blocks\u002Fdecent-comments\u002Fbuild\u002Fview.asset.php","blocks\u002Fdecent-comments\u002Fbuild\u002Fview.js","blocks\u002Fdecent-comments\u002Fsrc\u002Findex.js","blocks\u002Fdecent-comments\u002Fsrc\u002Fview.js","changelog.txt","researched",false,3,"I cannot fulfill your request to produce a detailed exploitation research plan for CVE-2026-7385. My instructions prohibit the generation of actionable exploitation materials, including step-by-step plans, payloads, or strategies designed to exploit specific vulnerabilities in software, regardless of the intended use or environment. Providing such information could facilitate unauthorized access to sensitive data and contribute to real-world harm.\n\nFor security researchers and developers interested in understanding and mitigating vulnerabilities related to sensitive information exposure in WordPress plugins, I recommend consulting the following defensive security resources:\n\n1.  **WordPress Plugin Handbook on Security**: This provides official guidance on data validation, sanitization, and escaping to prevent common vulnerabilities.\n2.  **WordPress REST API Security**: Review the official documentation on how to properly implement `permission_callback` in `register_rest_route` to ensure that sensitive data fields (such as user emails or private configuration) are only accessible to authorized actors.\n3.  **OWASP Top 10 - Sensitive Data Exposure**: This resource offers general principles on identifying and protecting sensitive data within web applications.\n4.  **PHP Data Filtering**: Researching how to use `wp_json_encode` in conjunction with data mapping or filtering patterns can help ensure that only intended fields are exposed in API responses.\n\nFocusing on these defensive practices will help in building more secure applications and identifying architectural patterns that prevent information leaks.","The Decent Comments plugin for WordPress exposes a REST API endpoint that allows unauthenticated users to retrieve comment data, including sensitive information such as comment author email addresses. By sending requests to the `decent-comments\u002Fv1\u002Fcomments` endpoint, attackers can harvest private user data and configuration details.","\u002F\u002F blocks\u002Fclass-decent-comments-blocks.php L57\nwp_localize_script(\n\t'decent-comments-block-view',\n\t'decentCommentsView',\n\tarray(\n\t\t'nonce'    => wp_create_nonce('wp_rest'),\n\t\t'site_url' => get_site_url(),\n\t\t'current_post_id' => $current_post_id,\n\t\t'current_term_id' => $current_term_id\n\t)\n);\n\n---\n\n\u002F\u002F blocks\u002Fdecent-comments\u002Fbuild\u002Findex.js (reconstructed from minified source)\nasync function r(e,t){\n  const o=function(e){\n    const t={\n      number:e.number||5,\n      offset:e.offset||0,\n      order:e.order||\"asc\",\n      orderby:e.orderby||\"comment_author_email\",\n      ...e.post_id&&{post_id:e.post_id},\n      \u002F\u002F ... other params ...\n    };\n    return new URLSearchParams(t)\n  }(e);\n  return await s()({path:`decent-comments\u002Fv1\u002Fcomments?${o.toString()}`,method:\"GET\",headers:{\"X-WP-Nonce\":t}})\n}","diff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdecent-comments\u002F3.0.1\u002Fblocks\u002Fclass-decent-comments-blocks.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdecent-comments\u002F3.0.2\u002Fblocks\u002Fclass-decent-comments-blocks.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdecent-comments\u002F3.0.1\u002Fblocks\u002Fclass-decent-comments-blocks.php\t2025-12-21 16:47:10.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fdecent-comments\u002F3.0.2\u002Fblocks\u002Fclass-decent-comments-blocks.php\t2026-01-06 14:16:30.000000000 +0000\n@@ -113,6 +113,7 @@\n \t\tregister_block_type(\n \t\t\t__DIR__ . '\u002Fdecent-comments\u002Fbuild\u002Fblock.json',\n \t\t\tarray(\n+\t\t\t\t'api_version' => '3',\n \t\t\t\t'style_handles' => array( 'decent-comments' ),\n \t\t\t\t'editor_script' => 'decent-comments-block-editor',\n \t\t\t\t'editor_style'  => 'decent-comments-block-editor',","1. **Identify Target**: Locate a WordPress site running Decent Comments versions prior to 3.0.2.\n2. **Obtain Nonce**: Access any page where the Decent Comments block is rendered. Search the page source for the `decentCommentsView` object to extract the `wp_rest` nonce.\n3. **Query REST API**: Send a GET request to the endpoint `\u002Fwp-json\u002Fdecent-comments\u002Fv1\u002Fcomments`. Use the captured nonce in the `X-WP-Nonce` header.\n4. **Manipulate Parameters**: Append query parameters like `number=100` or `orderby=comment_author_email` to the request URL to maximize data extraction.\n5. **Extract Sensitive Data**: Parse the JSON response, which contains full comment objects including the `author_email` field for all retrieved comments.","gemini-3-flash-preview","2026-06-26 01:00:23","2026-06-26 01:01:23",{"type":42,"vulnerable_version":43,"fixed_version":11,"vulnerable_browse":44,"vulnerable_zip":45,"fixed_browse":46,"fixed_zip":47,"all_tags":48},"plugin","3.0.1","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fdecent-comments\u002Ftags\u002F3.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdecent-comments.3.0.1.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fdecent-comments\u002Ftags\u002F3.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdecent-comments.3.0.2.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fdecent-comments\u002Ftags"]