VYPR
Medium severity6.5NVD Advisory· Published Aug 8, 2022· Updated Jun 17, 2026

CVE-2022-1323

CVE-2022-1323

Description

The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.