Vulnerabilities for 'Discy'

2022-06-08
 
CVE-2022-1421

CWE-352
 

 
The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged-in admin change arbitrary 's settings, including payment methods, via a CSRF attack.

 
 
CVE-2022-1422

CWE-352
 

 
The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults.

 

Vendor: 2code (3 products)
Wpqa builder
Ask me
Discy


Copyright 2024, cxsecurity.com
