Vulnerabilities > Inkthemes

DATE CVE VULNERABILITY TITLE RISK
2023-05-22 CVE-2023-25447 Unspecified vulnerability in Inkthemes Colorway
Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme <= 4.2.3 versions.
network
low complexity
inkthemes
8.8
2022-11-21 CVE-2022-3750 Cross-Site Request Forgery (CSRF) vulnerability in Inkthemes ASK ME 6.8.4
The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.
network
low complexity
inkthemes CWE-352
4.7
2022-08-22 CVE-2022-1251 Cross-Site Request Forgery (CSRF) vulnerability in Inkthemes ASK ME
The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.
network
low complexity
inkthemes CWE-352
4.3
2019-09-16 CVE-2016-10961 Cross-site Scripting vulnerability in Inkthemes Colorway
The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.
network
low complexity
inkthemes CWE-79
6.1