3 matches found
CVE-2022-1422
CVE-2022-1422 concerns the WordPress theme Discy (versions before 5.2). The exposed issue is a CSRF in the AJAX endpoint discy_reset_options, which attackers can abuse to trick an admin into restoring site settings to defaults. Connected sources (Red Hat, CNVD, CVE lists, PatchStack/WP vuln DB) ...
CVE-2022-1323
The CVE-2022-1323 entry concerns the Discy WordPress theme prior to version 5.0, where a lack of authorization checks in the handling of the discy_update_options AJAX action allows any logged-in user (privilege as low as Subscriber) to modify theme options via a crafted POST to admin-ajax.php. Th...
CVE-2022-1421
CVE-2022-1421 pertains to the Discy WordPress theme (versions prior to 5.2). The vulnerability is a cross-site request forgery (CSRF) flaw in certain AJAX actions that allows an authenticated attacker (with admin privileges) to modify settings, including payment methods. Impact is limited to admi...