Lucene search

[email protected]NVD:CVE-2022-1251

HistoryAug 22, 2022 - 3:15 p.m.

CVE-2022-1251

2022-08-2215:15:13

CWE-352

[email protected]

web.nvd.nist.gov

wordpress

security vulnerability

profile information

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

25.9%

JSON

The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.

Affected configurations

Nvd

Node

inkthemesask_meRange<6.8.4wordpress

VendorProductVersionCPE
inkthemesask_me*cpe:2.3:a:inkthemes:ask_me:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
inkthemes	ask_me	*	cpe:2.3:a:inkthemes:ask_me::::::wordpress::*

References

wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

25.9%

JSON

Related for NVD:CVE-2022-1251

cvelist1 cve1 patchstack1 prion1