Themes Vulnerabilities

Ask Me < 6.8.7 - Post Deletion via CSRF

Description

The plugin has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.

Proof of Concept

An attacker can log in to their own account, grab the link structure of the post-deletion request, and then forge it to the victim's post ID and send it to the victim. As soon as the victim accesses the link, the post will be deleted without asking for confirmation or using a nonce.

Affects Themes

ask-me
Fixed in 6.8.7

References

CVE
CVE-2022-3750

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.6 (medium)

Miscellaneous

Original Researcher
Srijan Adhikari
Submitter
Srijan Adhikari
Submitter twitter
srijanadk
Verified
Yes
WPVDB ID
5019db80-0356-497d-b488-a26a5de78676

Timeline

Publicly Published
2022-10-28 (about 1 years ago)
Added
2022-10-28 (about 1 years ago)
Last Updated
2022-10-31 (about 1 years ago)

Other

Published
Title
Published
2024-04-11
Title
Novelist < 1.2.3 - Cross-Site Request Forgery
Published
2023-10-22
Title
Userback < 1.0.14 - Arbitrary Settings Update via CSRF
Published
2023-10-26
Title
WP Knowledgebase <= 1.3.4 - CSRF
Published
2015-08-21
Title
WP Google Map Plugin < 2.3.10 - Multiple CSRF
Published
2021-05-08
Title
Zlick Paywall < 2.2.2 - CSRF Bypasses