Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for ask_me by inkthemes

    CVE-2022-3750 (GCVE-0-2022-3750)

    Vulnerability from nvd – Published: 2022-11-21 00:00 – Updated: 2025-04-30 15:33
    VLAI
    Title
    Ask Me < 6.8.7 - Post Deletion via CSRF
    Summary
    The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/5019db80-0356-49… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Ask me Affected: 0 , < 6.8.7 (custom)
    Create a notification for this product.
    Credits
    Srijan Adhikari
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:20:58.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/5019db80-0356-497d-b488-a26a5de78676"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3750",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T15:33:05.766115Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T15:33:32.639Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Ask me",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Srijan Adhikari"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The  has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-29T13:40:40.092Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/5019db80-0356-497d-b488-a26a5de78676"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Ask Me \u003c 6.8.7 - Post Deletion via CSRF",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-3750",
        "datePublished": "2022-11-21T00:00:00.000Z",
        "dateReserved": "2022-10-28T00:00:00.000Z",
        "dateUpdated": "2025-04-30T15:33:32.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1251 (GCVE-0-2022-1251)

    Vulnerability from nvd – Published: 2022-08-22 14:57 – Updated: 2024-08-02 23:55
    VLAI
    Title
    Ask Me < 6.8.4 - CSRF in Edit Profile
    Summary
    The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Ask me Affected: 6.8.4 , < 6.8.4 (custom)
    Create a notification for this product.
    Credits
    WPScan team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ask me",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.8.4",
                  "status": "affected",
                  "version": "6.8.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WPScan team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-22T14:57:20.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Ask Me \u003c 6.8.4 - CSRF in Edit Profile",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1251",
              "STATE": "PUBLIC",
              "TITLE": "Ask Me \u003c 6.8.4 - CSRF in Edit Profile"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ask me",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.8.4",
                                "version_value": "6.8.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WPScan team"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1251",
        "datePublished": "2022-08-22T14:57:20.000Z",
        "dateReserved": "2022-04-06T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3750 (GCVE-0-2022-3750)

    Vulnerability from cvelistv5 – Published: 2022-11-21 00:00 – Updated: 2025-04-30 15:33
    VLAI
    Title
    Ask Me < 6.8.7 - Post Deletion via CSRF
    Summary
    The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/5019db80-0356-49… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Ask me Affected: 0 , < 6.8.7 (custom)
    Create a notification for this product.
    Credits
    Srijan Adhikari
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:20:58.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/5019db80-0356-497d-b488-a26a5de78676"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3750",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-30T15:33:05.766115Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-30T15:33:32.639Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Ask me",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.8.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Srijan Adhikari"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The  has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-29T13:40:40.092Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/5019db80-0356-497d-b488-a26a5de78676"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Ask Me \u003c 6.8.7 - Post Deletion via CSRF",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-3750",
        "datePublished": "2022-11-21T00:00:00.000Z",
        "dateReserved": "2022-10-28T00:00:00.000Z",
        "dateUpdated": "2025-04-30T15:33:32.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1251 (GCVE-0-2022-1251)

    Vulnerability from cvelistv5 – Published: 2022-08-22 14:57 – Updated: 2024-08-02 23:55
    VLAI
    Title
    Ask Me < 6.8.4 - CSRF in Edit Profile
    Summary
    The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Ask me Affected: 6.8.4 , < 6.8.4 (custom)
    Create a notification for this product.
    Credits
    WPScan team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ask me",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.8.4",
                  "status": "affected",
                  "version": "6.8.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WPScan team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-22T14:57:20.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Ask Me \u003c 6.8.4 - CSRF in Edit Profile",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1251",
              "STATE": "PUBLIC",
              "TITLE": "Ask Me \u003c 6.8.4 - CSRF in Edit Profile"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ask me",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "6.8.4",
                                "version_value": "6.8.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WPScan team"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1251",
        "datePublished": "2022-08-22T14:57:20.000Z",
        "dateReserved": "2022-04-06T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }