CVE-2022-1424

CWE-352 — Cross-Site Request Forgery (CSRF)CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 65.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown ASK ME 2code ASK ME

Timeline

PublishedJun 8

Latest updateJun 18

Description

The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVD2code/ask_me< 6.8.2

▶CVEListV5unknown/ask_me6.8.2 — 6.8.2

🔴Vulnerability Details

GHSA

GHSA-gw4p-2m2w-qw96: The Ask me WordPress theme before 6↗2022-06-09

▶

CVEList

Ask Me < 6.8.2 - Multiple CSRF in AJAX Actions↗2022-06-06

▶

📋Vendor Advisories

Red Hat

kernel: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected↗2025-06-18

▶