3 matches found
CVE-2022-1323
The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discyupdateoptions action, allowing any logged in users with privileges as low as Subscriber, to change Theme options by sending a crafted POST request...
CVE-2022-1323 Discy < 5.0 - Subscriber+ Broken Access Control to change settings
The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discyupdateoptions action, allowing any logged in users with privileges as low as Subscriber, to change Theme options by sending a crafted POST request...
CVE-2022-1323
The CVE-2022-1323 entry concerns the Discy WordPress theme prior to version 5.0, where a lack of authorization checks in the handling of the discy_update_options AJAX action allows any logged-in user (privilege as low as Subscriber) to modify theme options via a crafted POST to admin-ajax.php. Th...