12 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-42730

Malicious code in bioql PyPI...

3.5 CVSS | 4.9 AI score | 0.003 EPSS
Exploits 2 | References 1

RedhatCVE
added 2025/05/22 11:30 p.m. | 3 views

CVE-2022-1422

The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discyresetoptions, allowing an attacker to trick an admin into resetting the site settings back to defaults...

6.5 CVSS | 6.7 AI score | 0.00103 EPSS
Exploits 2 | References 1

RedhatCVE
added 2025/05/22 11:30 p.m. | 2 views

CVE-2022-1421

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack...

4.3 CVSS | 6.9 AI score | 0.07615 EPSS
Exploits 2 | References 1

Prion
added 2023/01/09 11:15 p.m. | 10 views

Design/Logic Flaw

The WPQA Builder WordPress plugin before 5.9.3, which is a companion plugin used with Discy and Himer Discy WordPress themes, incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...

3.5 CVSS | 4.1 AI score | 0.003 EPSS
Exploits 2 | References 1 | Affected Software 1

WPVulnDB
added 2022/12/13 12:0 a.m. | 18 views

WPQA < 5.9.3 - Missing validation lead to functionality abuse

The plugin which is a companion plugin used with Discy and Himer themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them. PoC...

3.5 CVSS | 1.4 AI score | 0.003 EPSS
Exploits 2 | Affected Software 3

OSV
added 2022/08/08 2:15 p.m. | 0 views

CVE-2022-1323

The Discy WordPress theme before 5.0 lacks authorization checks when processing ajax requests to the discyupdateoptions action, allowing any logged in users with privileges as low as Subscriber, to change Theme options by sending a crafted POST request...

6.5 CVSS | 5.8 AI score | 0.00319 EPSS
Exploits 2 | References 1

CNNVD
added 2022/08/08 12:0 a.m. | 3 views

WordPress theme Discy access control error vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. An Access Control Error vulnerability exists in WordPress theme Discy prior to version 5.0, which ste...

6.5 CVSS | 6.5 AI score | 0.00319 EPSS
Exploits 2 | References 2

WPVulnDB
added 2022/07/12 12:0 a.m. | 23 views

Discy < 5.0 - Subscriber+ Broken Access Control to change settings

The theme lacks authorization checks when processing ajax requests to the discyupdateoptions action, allowing any logged in users with privileges as low as Subscriber, to change the theme options by sending a crafted POST request. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type:...

6.5 CVSS | 4.7 AI score | 0.00319 EPSS
Exploits 2 | Affected Software 1

OSV
added 2022/06/08 10:15 a.m. | 0 views

CVE-2022-1421

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack...

4.3 CVSS | 5.9 AI score | 0.07615 EPSS
Exploits 2 | References 1

OSV
added 2022/06/08 10:15 a.m. | 0 views

CVE-2022-1422

The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discyresetoptions, allowing an attacker to trick an admin into resetting the site settings back to defaults...

6.5 CVSS | 5.6 AI score
Exploits 0 | References 1

CNNVD
added 2022/06/08 12:0 a.m. | 2 views

WordPress theme Discy cross-site request forgery vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress theme is a theme for WordPress. A cross-site request forgery vulnerability exists in WordPress theme Discy versions prior to...

6.5 CVSS | 5.5 AI score | 0.00103 EPSS
Exploits 2 | References 2

GithubExploit
added 2022/05/16 3:33 p.m. | 3 views

Exploit for Cross-site Scripting in 2Code Wpqa_Builder

CVE-2022-1597 The plugin, used as a companion for the Discy a...

6.1 CVSS | 6.4 AI score | 0.2353 EPSS
Exploits 2