Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for ask_me by 2code
CVE-2022-1424 (GCVE-0-2022-1424)
Vulnerability from nvd – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:03
VLAI
Title
Ask Me < 6.8.2 - Multiple CSRF in AJAX Actions
Summary
The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/147b4097-dec8-45… | x_refsource_MISC |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ask me",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.8.2",
"status": "affected",
"version": "6.8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WPScanTeam"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T08:51:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ask Me \u003c 6.8.2 - Multiple CSRF in AJAX Actions",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1424",
"STATE": "PUBLIC",
"TITLE": "Ask Me \u003c 6.8.2 - Multiple CSRF in AJAX Actions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ask me",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.8.2",
"version_value": "6.8.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WPScanTeam"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1424",
"datePublished": "2022-06-06T08:51:00.000Z",
"dateReserved": "2022-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:06.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1241 (GCVE-0-2022-1241)
Vulnerability from nvd – Published: 2022-06-06 08:50 – Updated: 2024-08-02 23:55
VLAI
Title
Ask Me < 6.8.2 - Reflected Cross-Site Scripting
Summary
The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/3258393a-eafb-43… | x_refsource_MISC |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ask me",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.8.2",
"status": "affected",
"version": "6.8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Veshraj Ghimire"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T08:50:54.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ask Me \u003c 6.8.2 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1241",
"STATE": "PUBLIC",
"TITLE": "Ask Me \u003c 6.8.2 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ask me",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.8.2",
"version_value": "6.8.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Veshraj Ghimire"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1241",
"datePublished": "2022-06-06T08:50:54.000Z",
"dateReserved": "2022-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1424 (GCVE-0-2022-1424)
Vulnerability from cvelistv5 – Published: 2022-06-06 08:51 – Updated: 2024-08-03 00:03
VLAI
Title
Ask Me < 6.8.2 - Multiple CSRF in AJAX Actions
Summary
The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/147b4097-dec8-45… | x_refsource_MISC |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ask me",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.8.2",
"status": "affected",
"version": "6.8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WPScanTeam"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T08:51:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ask Me \u003c 6.8.2 - Multiple CSRF in AJAX Actions",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1424",
"STATE": "PUBLIC",
"TITLE": "Ask Me \u003c 6.8.2 - Multiple CSRF in AJAX Actions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ask me",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.8.2",
"version_value": "6.8.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WPScanTeam"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/147b4097-dec8-4542-b122-7b237db81c05"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1424",
"datePublished": "2022-06-06T08:51:00.000Z",
"dateReserved": "2022-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:06.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1241 (GCVE-0-2022-1241)
Vulnerability from cvelistv5 – Published: 2022-06-06 08:50 – Updated: 2024-08-02 23:55
VLAI
Title
Ask Me < 6.8.2 - Reflected Cross-Site Scripting
Summary
The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/3258393a-eafb-43… | x_refsource_MISC |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ask me",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.8.2",
"status": "affected",
"version": "6.8.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Veshraj Ghimire"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T08:50:54.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ask Me \u003c 6.8.2 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1241",
"STATE": "PUBLIC",
"TITLE": "Ask Me \u003c 6.8.2 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ask me",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.8.2",
"version_value": "6.8.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Veshraj Ghimire"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1241",
"datePublished": "2022-06-06T08:50:54.000Z",
"dateReserved": "2022-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}