Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Discy Security Vulnerabilities - January

cve
cve

CVE-2022-1323

The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request.

6.5CVSS

6.3AI Score

0.001EPSS

2022-08-08 02:15 PM
32
4
cve
cve

CVE-2022-1421

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack

4.3CVSS

4.5AI Score

0.001EPSS

2022-06-08 10:15 AM
40
5
cve
cve

CVE-2022-1422

The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults.

6.5CVSS

6.3AI Score

0.001EPSS

2022-06-08 10:15 AM
44
5
cve
cve

CVE-2022-3343

The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another...

3.5CVSS

4AI Score

0.001EPSS

2023-01-09 11:15 PM
36