Security Advisory

CVE-2022-1422

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-06-06 08:50:59

Last updated 2024-08-03 00:03:06

Assigner WPScan

State PUBLISHED

Description

The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults.

← Browse all CVEs View on cve.org ↗