Inkthemes Ask Me vulnerabilities
2 known vulnerabilities affecting inkthemes/ask_me.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-3750MEDIUMCVSS 4.7fixed in 6.8.72022-11-21
CVE-2022-3750 [MEDIUM] CWE-352 CVE-2022-3750: The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting
The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.
nvd
CVE-2022-1251MEDIUMCVSS 4.3fixed in 6.8.42022-08-22
CVE-2022-1251 [MEDIUM] CWE-352 CVE-2022-1251: The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests
The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.
nvd