exploitDog

CVE-2022-1251

Опубликовано: 22 авг. 2022

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.

Ссылки

https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:inkthemes:ask_me:*:*:*:*:*:wordpress:*:*

Версия до 6.8.4 (исключая)

EPSS

Процентиль: 31%

0.0012

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-c83j-mhmm-58g7

CVSS3: 4.3

github

больше 3 лет назад

The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.

EPSS

Процентиль: 31%

0.0012

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

CWE-352