Inkthemes

inkthemes

4 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-25447 1Inkthemes 1Colorway Jun 17, 2026 May 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme <= 4.2.3 versions.
CVE-2022-3750 1Inkthemes 1Ask Me Jun 17, 2026 Nov 21, 2022 N/A· v4 4.7 MEDIUM· v3 N/A· v2 The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.
CVE-2022-1251 1Inkthemes 1Ask Me Jun 17, 2026 Aug 22, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted...Show more The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.Show less
CVE-2016-10961 1Inkthemes 1Colorway Nov 21, 2024 Sep 16, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.