CVE-2022-1421

Опубликовано: 08 июн. 2022

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Низкий

Описание

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack

Ссылки

https://wpscan.com/vulnerability/a7a24e8e-9056-4967-bcad-b96cc0c5b249
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a7a24e8e-9056-4967-bcad-b96cc0c5b249
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:2code:discy:*:*:*:*:*:wordpress:*:*

Версия до 5.2 (исключая)

EPSS

Процентиль: 92%

0.07615

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-mpq8-cm6q-wpq8

CVSS3: 4.3

github

больше 3 лет назад

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack

EPSS

Процентиль: 92%

0.07615

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352