Lucene search
WPScanCVE-2022-3750HistoryNov 21, 2022 - 11:15 a.m.
CVE-2022-3750
2022-11-2111:15:20
CWE-352
WPScan
web.nvd.nist.gov
43
7
csrf
vulnerability
deletion
posts
unauthorized
CVSS3
4.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
AI Score
4.8
Confidence
High
EPSS
0.001
Percentile
25.9%
The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.
Affected configurations
Node
inkthemesask_meRange<6.8.7wordpress
CNA Affected
[
{
"vendor": "Unknown",
"product": "Ask me",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "6.8.7"
}
],
"defaultStatus": "unaffected"
}
]Social References
More
Related
prion
prion
Cross site request forgery (csrf)
2022-11-21 11:15:00
patchstack
patchstack
cnvd
cnvd
WordPress Ask Me plugin cross-site request forgery vulnerability
2022-11-23 00:00:00
cvelist
cvelist
CVE-2022-3750 Ask Me < 6.8.7 - Post Deletion via CSRF
2022-11-21 00:00:00
nvd
nvd
CVE-2022-3750
2022-11-21 11:15:20
CVSS3
4.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
AI Score
4.8
Confidence
High
EPSS
0.001
Percentile
25.9%
Related for CVE-2022-3750