2 matches found
CVE-2022-1422
CVE-2022-1422 concerns the WordPress theme Discy (versions before 5.2). The exposed issue is a CSRF in the AJAX endpoint discy_reset_options , which attackers can abuse to trick an admin into restoring site settings to defaults. Connected sources (Red Hat, CNVD, CVE lists, PatchStack/WP vuln DB) ...
CVE-2022-1422 Discy < 5.2 - Restore Default Settings via CSRF
The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discyresetoptions, allowing an attacker to trick an admin into resetting the site settings back to defaults...