ByteOS Network

NVD Vulnerability Details :

CVE-2022-1421

Analyzed

Source-contact@wpscan.com

Published At-08 Jun, 2022 | 10:15

Updated At-14 Jun, 2022 | 18:41

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

2code>>discy>>Versions before 5.2(exclusive)

cpe:2.3:a:2code:discy:*:*:*:*:*:wordpress:*:*

Weaknesses

CWE ID	Type	Source
CWE-352	Primary	contact@wpscan.com

References

Hyperlink	Source	Resource
https://wpscan.com/vulnerability/a7a24e8e-9056-4967-bcad-b96cc0c5b249	contact@wpscan.com	Exploit Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History