Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for Ask me by Unknown

    CVE-2022-3750 (GCVE-0-2022-3750)

    Vulnerability from nvd – Published: 2022-11-21 00:00 – Updated: 2025-04-30 15:33
    VLAI
    Title
    Ask Me < 6.8.7 - Post Deletion via CSRF
    Summary
    The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/5019db80-0356-49… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Ask me Affected: 0 , < 6.8.7 (custom)
    Create a notification for this product.
    Credits
    Srijan Adhikari
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:20:58.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/5019db80-0356-497d-b488-a26a5de78676"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3750",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T15:33:05.766115Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T15:33:32.639Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Ask me",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Srijan Adhikari"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The  has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-29T13:40:40.092Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/5019db80-0356-497d-b488-a26a5de78676"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Ask Me \u003c 6.8.7 - Post Deletion via CSRF",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-3750",
        "datePublished": "2022-11-21T00:00:00.000Z",
        "dateReserved": "2022-10-28T00:00:00.000Z",
        "dateUpdated": "2025-04-30T15:33:32.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1251 (GCVE-0-2022-1251)

    Vulnerability from nvd – Published: 2022-08-22 14:57 – Updated: 2024-08-02 23:55
    VLAI
    Title
    Ask Me < 6.8.4 - CSRF in Edit Profile
    Summary
    The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Ask me Affected: 6.8.4 , < 6.8.4 (custom)
    Create a notification for this product.
    Credits
    WPScan team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ask me",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.8.4",
                  "status": "affected",
                  "version": "6.8.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WPScan team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-22T14:57:20.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Ask Me \u003c 6.8.4 - CSRF in Edit Profile",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1251",
              "STATE": "PUBLIC",
              "TITLE": "Ask Me \u003c 6.8.4 - CSRF in Edit Profile"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ask me",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.8.4",
                                "version_value": "6.8.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WPScan team"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1251",
        "datePublished": "2022-08-22T14:57:20.000Z",
        "dateReserved": "2022-04-06T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1424 (GCVE-0-2022-1424)

    Vulnerability from nvd – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:03
    VLAI
    Title
    Ask Me < 6.8.2 - Multiple CSRF in AJAX Actions
    Summary
    The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Ask me Affected: 6.8.2 , < 6.8.2 (custom)
    Create a notification for this product.
    Credits
    WPScanTeam
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.104Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ask me",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "6.8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WPScanTeam"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-06T08:51:00.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Ask Me \u003c 6.8.2 - Multiple CSRF in AJAX Actions",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1424",
              "STATE": "PUBLIC",
              "TITLE": "Ask Me \u003c 6.8.2 - Multiple CSRF in AJAX Actions"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ask me",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.8.2",
                                "version_value": "6.8.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WPScanTeam"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1424",
        "datePublished": "2022-06-06T08:51:00.000Z",
        "dateReserved": "2022-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:03:06.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1241 (GCVE-0-2022-1241)

    Vulnerability from nvd – Published: 2022-06-06 08:50 – Updated: 2024-08-02 23:55
    VLAI
    Title
    Ask Me < 6.8.2 - Reflected Cross-Site Scripting
    Summary
    The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Ask me Affected: 6.8.2 , < 6.8.2 (custom)
    Create a notification for this product.
    Credits
    Veshraj Ghimire
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ask me",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "6.8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Veshraj Ghimire"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-06T08:50:54.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Ask Me \u003c 6.8.2 - Reflected Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1241",
              "STATE": "PUBLIC",
              "TITLE": "Ask Me \u003c 6.8.2 - Reflected Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ask me",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.8.2",
                                "version_value": "6.8.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Veshraj Ghimire"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1241",
        "datePublished": "2022-06-06T08:50:54.000Z",
        "dateReserved": "2022-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3750 (GCVE-0-2022-3750)

    Vulnerability from cvelistv5 – Published: 2022-11-21 00:00 – Updated: 2025-04-30 15:33
    VLAI
    Title
    Ask Me < 6.8.7 - Post Deletion via CSRF
    Summary
    The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/5019db80-0356-49… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Ask me Affected: 0 , < 6.8.7 (custom)
    Create a notification for this product.
    Credits
    Srijan Adhikari
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:20:58.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/5019db80-0356-497d-b488-a26a5de78676"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3750",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T15:33:05.766115Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T15:33:32.639Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Ask me",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Srijan Adhikari"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The  has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-29T13:40:40.092Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/5019db80-0356-497d-b488-a26a5de78676"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Ask Me \u003c 6.8.7 - Post Deletion via CSRF",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-3750",
        "datePublished": "2022-11-21T00:00:00.000Z",
        "dateReserved": "2022-10-28T00:00:00.000Z",
        "dateUpdated": "2025-04-30T15:33:32.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1251 (GCVE-0-2022-1251)

    Vulnerability from cvelistv5 – Published: 2022-08-22 14:57 – Updated: 2024-08-02 23:55
    VLAI
    Title
    Ask Me < 6.8.4 - CSRF in Edit Profile
    Summary
    The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Ask me Affected: 6.8.4 , < 6.8.4 (custom)
    Create a notification for this product.
    Credits
    WPScan team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ask me",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.8.4",
                  "status": "affected",
                  "version": "6.8.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WPScan team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-22T14:57:20.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Ask Me \u003c 6.8.4 - CSRF in Edit Profile",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1251",
              "STATE": "PUBLIC",
              "TITLE": "Ask Me \u003c 6.8.4 - CSRF in Edit Profile"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ask me",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.8.4",
                                "version_value": "6.8.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WPScan team"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1251",
        "datePublished": "2022-08-22T14:57:20.000Z",
        "dateReserved": "2022-04-06T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1424 (GCVE-0-2022-1424)

    Vulnerability from cvelistv5 – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:03
    VLAI
    Title
    Ask Me < 6.8.2 - Multiple CSRF in AJAX Actions
    Summary
    The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Ask me Affected: 6.8.2 , < 6.8.2 (custom)
    Create a notification for this product.
    Credits
    WPScanTeam
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.104Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ask me",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "6.8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WPScanTeam"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-06T08:51:00.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Ask Me \u003c 6.8.2 - Multiple CSRF in AJAX Actions",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1424",
              "STATE": "PUBLIC",
              "TITLE": "Ask Me \u003c 6.8.2 - Multiple CSRF in AJAX Actions"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ask me",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.8.2",
                                "version_value": "6.8.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WPScanTeam"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1424",
        "datePublished": "2022-06-06T08:51:00.000Z",
        "dateReserved": "2022-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:03:06.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1241 (GCVE-0-2022-1241)

    Vulnerability from cvelistv5 – Published: 2022-06-06 08:50 – Updated: 2024-08-02 23:55
    VLAI
    Title
    Ask Me < 6.8.2 - Reflected Cross-Site Scripting
    Summary
    The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Ask me Affected: 6.8.2 , < 6.8.2 (custom)
    Create a notification for this product.
    Credits
    Veshraj Ghimire
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ask me",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "6.8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Veshraj Ghimire"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-06T08:50:54.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Ask Me \u003c 6.8.2 - Reflected Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1241",
              "STATE": "PUBLIC",
              "TITLE": "Ask Me \u003c 6.8.2 - Reflected Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ask me",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.8.2",
                                "version_value": "6.8.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Veshraj Ghimire"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1241",
        "datePublished": "2022-06-06T08:50:54.000Z",
        "dateReserved": "2022-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }