CVE-2025-68997

WordPress wpDiscuz plugin <= 7.6.40 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.40.

We have discovered 8,616 live websites that are affected by CVE-2025-68997.

Run a Free Instant Scan



Affected Software

Product  Wpdiscuz
Category Wordpress Plugins
Vulnerable Domains8,616 live websites (71% of Wpdiscuz install base)
Vulnerable Versions
  • from 0 through 7.6.40
Vulnerable Versions Count93 versions ( 95% of all versions)



Details

  • Published - Dec 30, 2025
  • Updated - Jan 20, 2026

Credits

  • Doan Dinh Van | Patchstack Bug Bounty Program (finder)

Website Distribution by Country

Number of websites using CVE-2025-68997
United States2,469 websites


Russia1,168 websites
Poland628 websites
Germany533 websites
Iran486 websites
Vietnam372 websites
France358 websites
Brazil208 websites
GB184 websites
Italy179 websites

Website Distribution by TLD

Number of websites using CVE-2025-68997
.com3,500 websites
.ru1,030 websites
.pl533 websites
.org312 websites
.net296 websites
.com.br193 websites
.de189 websites
.it143 websites
.fr132 websites
.cz92 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2025-68997

Top websites that are affected by CVE-2025-68997. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*********.pl Poland**,***
******.de Germany**,***
******************.com Vietnam**,***
**************.com United States**,***
*********.com United States**,***
********.com United States**,***
******.com GB***,***
********.**.il United States***,***
********.com United States***,***
********.com Russia***,***
See full domain list

FAQ

A total of 8,616 websites have been identified as vulnerable to CVE-2025-68997, based on global website indexing conducted by WebTechSurvey.
The Wpdiscuz is affected by the CVE-2025-68997 vulnerability.
Wpdiscuz versions up to and including 7.6.40 are vulnerable to CVE-2025-68997.