The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.
4.3CVSS
4.4AI Score
0.001EPSS
The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.
4.7CVSS
4.8AI Score
0.001EPSS