The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request.
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/2d8020e1-6489-4555-9956-2dc190aaa61b | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/2d8020e1-6489-4555-9956-2dc190aaa61b | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 06:40
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wpscan.com/vulnerability/2d8020e1-6489-4555-9956-2dc190aaa61b - Exploit, Third Party Advisory |
07 Nov 2023, 03:41
| Type | Values Removed | Values Added |
|---|---|---|
| CWE |
04 Jul 2023, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request. |
27 Jun 2023, 15:50
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-862 |
Information
Published : 2022-08-08 14:15
Updated : 2024-11-21 06:40
NVD link : CVE-2022-1323
Mitre link : CVE-2022-1323
CVE.ORG link : CVE-2022-1323
JSON object : View
Products Affected
2code
- discy
CWE
CWE-862
Missing Authorization