Cross site request forgery (csrf)

The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discyresetoptions, allowing an attacker to trick an admin into resetting the site settings back to defaults...