CVE-2022-1251
Ask Me < 6.8.4 - CSRF in Edit Profile
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
22 ago 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.
Productos afectados
Unknown · Ask me