← back
CVE-2022-1251

Ask Me < 6.8.4 - CSRF in Edit Profile

EPSS 0.3%CWE-352
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Aug 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.
Affected products
Unknown · Ask me