Vulnerability Description
The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 2Code | Ask Me | < 6.8.2 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05ExploitThird Party Advisory
- https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05ExploitThird Party Advisory
FAQ
What is CVE-2022-1424?
CVE-2022-1424 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.
How severe is CVE-2022-1424?
CVE-2022-1424 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1424?
Check the references section above for vendor advisories and patch information. Affected products include: 2Code Ask Me.