CVE-2022-1251

Published: Aug 22, 2022

Modified: Aug 2, 2024

PUBLISHED

Description

The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.

Vendor	Product	Versions
Unknown	Ask me	affected `6.8.4 - < 6.8.4`

Weaknesses (CWE)

CWE-352

References

https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-1251

Description

Affected Products

Weaknesses (CWE)

References