CVE-2022-1241 — MEDIUM (6.1)

Q: What is CVE-2022-1241?

CVE-2022-1241 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues

Q: How severe is CVE-2022-1241?

CVE-2022-1241 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-1241?

Check the references section above for vendor advisories and patch information. Affected products include: 2Code Ask Me.

Vulnerability Description

The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
2Code	Ask Me	< 6.8.2

Related Weaknesses (CWE)

CWE-79

References

https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9bExploitThird Party Advisory
https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9bExploitThird Party Advisory

FAQ

What is CVE-2022-1241?

CVE-2022-1241 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues

How severe is CVE-2022-1241?

CVE-2022-1241 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-1241?

Check the references section above for vendor advisories and patch information. Affected products include: 2Code Ask Me.