8 vulnerabilities found for Ask me by Unknown
CVE-2022-3750 (GCVE-0-2022-3750)
Vulnerability from cvelistv5 – Published: 2022-11-21 00:00 – Updated: 2025-04-30 15:33
Title
Ask Me < 6.8.7 - Post Deletion via CSRF
Summary
The Ask me WordPress theme before 6.8.7 has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.
Severity ?
4.7 (Medium)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/5019db80-0356-497d-b488-a26a5de78676 | exploit, vdb-entry, technical-description |
Credits
Srijan Adhikari
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:58.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5019db80-0356-497d-b488-a26a5de78676"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3750",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:33:05.766115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:33:32.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ask me",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.8.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Srijan Adhikari"
}
],
"descriptions": [
{
"lang": "en",
"value": "The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-29T13:40:40.092Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/5019db80-0356-497d-b488-a26a5de78676"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ask Me \u003c 6.8.7 - Post Deletion via CSRF",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3750",
"datePublished": "2022-11-21T00:00:00.000Z",
"dateReserved": "2022-10-28T00:00:00.000Z",
"dateUpdated": "2025-04-30T15:33:32.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1251 (GCVE-0-2022-1251)
Vulnerability from cvelistv5 – Published: 2022-08-22 14:57 – Updated: 2024-08-02 23:55
Title
Ask Me < 6.8.4 - CSRF in Edit Profile
Summary
The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349 | x_refsource_MISC |
Credits
WPScan team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ask me",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.8.4",
"status": "affected",
"version": "6.8.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WPScan team"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T14:57:20",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ask Me \u003c 6.8.4 - CSRF in Edit Profile",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1251",
"STATE": "PUBLIC",
"TITLE": "Ask Me \u003c 6.8.4 - CSRF in Edit Profile"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ask me",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.8.4",
"version_value": "6.8.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WPScan team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1251",
"datePublished": "2022-08-22T14:57:20",
"dateReserved": "2022-04-06T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1424 (GCVE-0-2022-1424)
Vulnerability from cvelistv5 – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:03
Title
Ask Me < 6.8.2 - Multiple CSRF in AJAX Actions
Summary
The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05 | x_refsource_MISC |
Credits
WPScanTeam
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ask me",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.8.2",
"status": "affected",
"version": "6.8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WPScanTeam"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T08:51:00",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ask Me \u003c 6.8.2 - Multiple CSRF in AJAX Actions",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1424",
"STATE": "PUBLIC",
"TITLE": "Ask Me \u003c 6.8.2 - Multiple CSRF in AJAX Actions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ask me",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.8.2",
"version_value": "6.8.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WPScanTeam"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1424",
"datePublished": "2022-06-06T08:51:00",
"dateReserved": "2022-04-21T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1241 (GCVE-0-2022-1241)
Vulnerability from cvelistv5 – Published: 2022-06-06 08:50 – Updated: 2024-08-02 23:55
Title
Ask Me < 6.8.2 - Reflected Cross-Site Scripting
Summary
The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b | x_refsource_MISC |
Credits
Veshraj Ghimire
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ask me",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.8.2",
"status": "affected",
"version": "6.8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Veshraj Ghimire"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T08:50:54",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ask Me \u003c 6.8.2 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1241",
"STATE": "PUBLIC",
"TITLE": "Ask Me \u003c 6.8.2 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ask me",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.8.2",
"version_value": "6.8.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Veshraj Ghimire"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1241",
"datePublished": "2022-06-06T08:50:54",
"dateReserved": "2022-04-05T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3750 (GCVE-0-2022-3750)
Vulnerability from nvd – Published: 2022-11-21 00:00 – Updated: 2025-04-30 15:33
Title
Ask Me < 6.8.7 - Post Deletion via CSRF
Summary
The Ask me WordPress theme before 6.8.7 has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.
Severity ?
4.7 (Medium)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/5019db80-0356-497d-b488-a26a5de78676 | exploit, vdb-entry, technical-description |
Credits
Srijan Adhikari
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:58.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5019db80-0356-497d-b488-a26a5de78676"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3750",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:33:05.766115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:33:32.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ask me",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.8.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Srijan Adhikari"
}
],
"descriptions": [
{
"lang": "en",
"value": "The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-29T13:40:40.092Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/5019db80-0356-497d-b488-a26a5de78676"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ask Me \u003c 6.8.7 - Post Deletion via CSRF",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3750",
"datePublished": "2022-11-21T00:00:00.000Z",
"dateReserved": "2022-10-28T00:00:00.000Z",
"dateUpdated": "2025-04-30T15:33:32.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1251 (GCVE-0-2022-1251)
Vulnerability from nvd – Published: 2022-08-22 14:57 – Updated: 2024-08-02 23:55
Title
Ask Me < 6.8.4 - CSRF in Edit Profile
Summary
The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349 | x_refsource_MISC |
Credits
WPScan team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ask me",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.8.4",
"status": "affected",
"version": "6.8.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WPScan team"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T14:57:20",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ask Me \u003c 6.8.4 - CSRF in Edit Profile",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1251",
"STATE": "PUBLIC",
"TITLE": "Ask Me \u003c 6.8.4 - CSRF in Edit Profile"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ask me",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.8.4",
"version_value": "6.8.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WPScan team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1251",
"datePublished": "2022-08-22T14:57:20",
"dateReserved": "2022-04-06T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1424 (GCVE-0-2022-1424)
Vulnerability from nvd – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:03
Title
Ask Me < 6.8.2 - Multiple CSRF in AJAX Actions
Summary
The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05 | x_refsource_MISC |
Credits
WPScanTeam
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ask me",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.8.2",
"status": "affected",
"version": "6.8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WPScanTeam"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T08:51:00",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ask Me \u003c 6.8.2 - Multiple CSRF in AJAX Actions",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1424",
"STATE": "PUBLIC",
"TITLE": "Ask Me \u003c 6.8.2 - Multiple CSRF in AJAX Actions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ask me",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.8.2",
"version_value": "6.8.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WPScanTeam"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1424",
"datePublished": "2022-06-06T08:51:00",
"dateReserved": "2022-04-21T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1241 (GCVE-0-2022-1241)
Vulnerability from nvd – Published: 2022-06-06 08:50 – Updated: 2024-08-02 23:55
Title
Ask Me < 6.8.2 - Reflected Cross-Site Scripting
Summary
The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b | x_refsource_MISC |
Credits
Veshraj Ghimire
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ask me",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.8.2",
"status": "affected",
"version": "6.8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Veshraj Ghimire"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T08:50:54",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ask Me \u003c 6.8.2 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1241",
"STATE": "PUBLIC",
"TITLE": "Ask Me \u003c 6.8.2 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ask me",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.8.2",
"version_value": "6.8.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Veshraj Ghimire"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1241",
"datePublished": "2022-06-06T08:50:54",
"dateReserved": "2022-04-05T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}