Lucene search

CVE-2022-1422

🗓️ 08 Jun 2022 10:09:15Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 55 Views🌐 WEB

The Discy WordPress theme before 5.2 allows CSRF token bypass via discy_reset_options

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
Patchstack	WordPress Discy premium theme < 5.2 - Restore Default Settings via Cross-Site Request Forgery (CSRF) vulnerability	16 May 202200:00	–	patchstack
NVD	CVE-2022-1422	8 Jun 202210:15	–	nvd
wpexploit	Discy < 5.2 - Restore Default Settings via CSRF	16 May 202200:00	–	wpexploit
WPVulnDB	Discy < 5.2 - Restore Default Settings via CSRF	16 May 202200:00	–	wpvulndb
CNVD	WordPress theme Discy cross-site request forgery vulnerability	16 Jun 202200:00	–	cnvd
Prion	Cross site request forgery (csrf)	8 Jun 202210:15	–	prion
Cvelist	CVE-2022-1422 Discy < 5.2 - Restore Default Settings via CSRF	6 Jun 202208:50	–	cvelist

Nvd

Vulners

Node

2code discyRange<5.2wordpress

[
  {
    "product": "Discy",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "5.2",
        "status": "affected",
        "version": "5.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/29aff4bf-1691-4dc1-a670-1f2c9a765a3b

Parameter	Position	Path	Description	CWE
action	request body	/wp-admin/admin-ajax.php	AJAX action discy_reset_options does not verify CSRF tokens, allowing potential manipulation by an attacker.	CWE-352

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

08 Jun 2022 10:15Current

6.4Medium risk

Vulners AI Score6.4

CVSS24.3

CVSS36.5

EPSS0.00092

CWE-352