CVE-2022-1421

CVE-2022-1421: Discy < 5.2 - Settings Update via CSRF

Vendor Unknown
Product Discy
Weakness CWE-352 · CSRF
Published June 6, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack

Key dates

02Disclosure timeline

June 6, 2022 CVE published
August 3, 2024 Record updated