CVE-2022-1251

CVE-2022-1251: Ask Me < 6.8.4 - CSRF in Edit Profile

Vendor Unknown
Product Ask me
Weakness CWE-352 · CSRF
Published August 22, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.

Key dates

02Disclosure timeline

August 22, 2022 CVE published
August 2, 2024 Record updated