VulnTitan VulnTitan Security command center
Theme Vulnerability Hub
Theme 3 known issues Latest disclosed Jul 12, 2022

Discy - Social Questions and Answers WordPress Theme Vulnerabilities

Review known vulnerability records for the WordPress theme Discy - Social Questions and Answers WordPress Theme (`discy`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2022-1323, CVE-2022-1421 and CVE-2022-1422, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
3
High or Critical
2
Patch Coverage
100%
Last Updated
Jan 22, 2024
Priority CVE Quick Links

Fast paths into Discy - Social Questions and Answers WordPress Theme CVE reports

Start with the highest-signal CVE records for this WordPress theme before scanning the full vulnerability feed.

Indexed CVEs
3
CVE-2022-1421 High 5.2
CVE-2022-1421 Discy - Social Questions and Answers WordPress Theme Cross-Site Request Forgery

Discy <= 5.1 - Cross-Site Request Forgery to Settings Update

CVE-2022-1422 High 5.2
CVE-2022-1422 Discy - Social Questions and Answers WordPress Theme Cross-Site Request Forgery

Discy <= 5.1 - Cross-Site Request Forgery to Settings Reset

CVE-2022-1323 Medium 5.0
CVE-2022-1323 Discy - Social Questions and Answers WordPress Theme Authorization Bypass

Discy - Social Questions and Answers WordPress Theme <= 4.9 - Missing Authorization

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Discy - Social Questions and Answers WordPress Theme so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
3 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 2 high severity findings.
Recent CVEs
CVE-2022-1323, CVE-2022-1421 and CVE-2022-1422
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Discy - Social Questions and Answers WordPress Theme

Sorted by latest disclosure date so newly published issues surface first.

Theme Medium Patched: Yes CVE-2022-1323
CVE-2022-1323: Discy - Social Questions and Answers WordPress Theme <= 4.9 - Missing Authorization

The "Discy - Social Questions and Answers WordPress Theme" theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the discy_update_options AJAX action in versions up to, and including, 4.9. This makes it possible for authenticated attackers...

Published
Jul 12, 2022
Patched Release
5.0
Affected Versions
Versions up to 4.9
Next Step
Update to 5.0 or newer if supported.
Open CVE-2022-1323 Report Open CVE Reference
Theme High Patched: Yes CVE-2022-1421
CVE-2022-1421: Discy <= 5.1 - Cross-Site Request Forgery to Settings Update

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack

Published
May 16, 2022
Patched Release
5.2
Affected Versions
Versions before 5.2
Next Step
Update to 5.2 or newer if supported.
Open CVE-2022-1421 Report Open CVE Reference
Theme High Patched: Yes CVE-2022-1422
CVE-2022-1422: Discy <= 5.1 - Cross-Site Request Forgery to Settings Reset

The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults.

Published
May 16, 2022
Patched Release
5.2
Affected Versions
Versions before 5.2
Next Step
Update to 5.2 or newer if supported.
Open CVE-2022-1422 Report Open CVE Reference