Security Advisory

CVE-2022-1251

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-08-22 14:57:20

Last updated 2024-08-02 23:55:24

Assigner WPScan

State PUBLISHED

Description

The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.

← Browse all CVEs View on cve.org ↗