CVE-2022-1323

Summary

The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request.

Affected Software

VendorProductVersion RangeStatus
UnknownDiscy0 < 5.0affected

Weaknesses

  • CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

References