CVE-2022-1424

Published: Jun 8, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.

Affected (1)

Products: 2code: Ask Me

2code

1 product

Ask Me

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
2code Ask Me	Before 6.8.2

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.