CVE-2022-3750

CWE-352Cross-Site Request Forgery (CSRF)CWE-416Use After Free4 documents4 sources
Severity
4.7MEDIUM
EPSS
0.2%
top 63.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown ASK MEInkthemes ASK ME
Timeline
PublishedNov 21
Latest updateMay 12

Description

The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5unknown/ask_me< 6.8.7
NVDinkthemes/ask_me< 6.8.7

🔴Vulnerability Details

2
CVEList
Ask Me < 6.8.7 - Post Deletion via CSRF2022-11-21
GHSA
GHSA-vw43-4r8p-cvx6: The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation2022-11-21

📋Vendor Advisories

1
Red Hat
QEMU: hcd-ehci: DMA reentrancy issue (incomplete fix for CVE-2021-3750)2023-05-12
CVE-2022-3750 (MEDIUM CVSS 4.7) | The has a CSRF vulnerability that a | cvebase.io