Nb1B3K

**Name of the Vulnerable Software and Affected Versions** Discy WordPress theme versions prior to 5.2 **Description** The issue allows an attacker to make a logged-in admin change arbitrary settings, including payment methods, via a CSRF attack due to the lack of CSRF checks in some AJAX actions. **Recommendations** For versions prior to 5.2, update to version 5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions that lack CSRF checks until a patch is available.