exploitDog

GHSA-mpq8-cm6q-wpq8

Опубликовано: 09 июн. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack

Ссылки

EPSS

Процентиль: 92%

0.07615

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2022-1421

CVSS3: 4.3

nvd

больше 3 лет назад

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack

EPSS

Процентиль: 92%

0.07615

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352