Inkthemes: Security Vulnerabilities
Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme <= 4.2.3 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-22
The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.
CVSS Score
4.7
EPSS Score
0.001
Published
2022-11-21
The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-08-22
The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-16