Lucene search

PatchstackCVE-2023-25989

HistoryOct 03, 2023 - 12:15 p.m.

CVE-2023-25989

2023-10-0312:15:10

CWE-352

Patchstack

web.nvd.nist.gov

cve-2023-25989

csrf

meks video importer

meks time ago

meks themeforest smart widget

meks smart author widget

meks audio player

meks easy maps

meks easy photo feed widget

meks simple flickr widget

meks easy ads widget

meks smart social widget

vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

39.7%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup.

Affected configurations

Nvd

Vulners

Node

mekshqmeks_audio_playerRange≤1.2wordpress

mekshqmeks_easy_ads_widgetRange≤2.0.7wordpress

mekshqmeks_easy_mapsRange≤2.1.3wordpress

mekshqmeks_easy_photo_feed_widgetRange≤1.2.7wordpress

mekshqmeks_simple_flickr_widgetRange≤1.2wordpress

mekshqmeks_smart_author_widgetRange≤1.1.3wordpress

mekshqmeks_smart_social_widgetRange≤1.6wordpress

mekshqmeks_themeforest_smart_widgetRange≤1.4wordpress

mekshqmeks_time_agoRange≤1.1.6wordpress

mekshqmeks_video_importerRange≤1.0.10wordpress

VendorProductVersionCPE
mekshqmeks_audio_player*cpe:2.3:a:mekshq:meks_audio_player:*:*:*:*:*:wordpress:*:*
mekshqmeks_easy_ads_widget*cpe:2.3:a:mekshq:meks_easy_ads_widget:*:*:*:*:*:wordpress:*:*
mekshqmeks_easy_maps*cpe:2.3:a:mekshq:meks_easy_maps:*:*:*:*:*:wordpress:*:*
mekshqmeks_easy_photo_feed_widget*cpe:2.3:a:mekshq:meks_easy_photo_feed_widget:*:*:*:*:*:wordpress:*:*
mekshqmeks_simple_flickr_widget*cpe:2.3:a:mekshq:meks_simple_flickr_widget:*:*:*:*:*:wordpress:*:*
mekshqmeks_smart_author_widget*cpe:2.3:a:mekshq:meks_smart_author_widget:*:*:*:*:*:wordpress:*:*
mekshqmeks_smart_social_widget*cpe:2.3:a:mekshq:meks_smart_social_widget:*:*:*:*:*:wordpress:*:*
mekshqmeks_themeforest_smart_widget*cpe:2.3:a:mekshq:meks_themeforest_smart_widget:*:*:*:*:*:wordpress:*:*
mekshqmeks_time_ago*cpe:2.3:a:mekshq:meks_time_ago:*:*:*:*:*:wordpress:*:*
mekshqmeks_video_importer*cpe:2.3:a:mekshq:meks_video_importer:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
mekshq	meks_audio_player	*	cpe:2.3:a:mekshq:meks_audio_player::::::wordpress::*
mekshq	meks_easy_ads_widget	*	cpe:2.3:a:mekshq:meks_easy_ads_widget::::::wordpress::*
mekshq	meks_easy_maps	*	cpe:2.3:a:mekshq:meks_easy_maps::::::wordpress::*
mekshq	meks_easy_photo_feed_widget	*	cpe:2.3:a:mekshq:meks_easy_photo_feed_widget::::::wordpress::*
mekshq	meks_simple_flickr_widget	*	cpe:2.3:a:mekshq:meks_simple_flickr_widget::::::wordpress::*
mekshq	meks_smart_author_widget	*	cpe:2.3:a:mekshq:meks_smart_author_widget::::::wordpress::*
mekshq	meks_smart_social_widget	*	cpe:2.3:a:mekshq:meks_smart_social_widget::::::wordpress::*
mekshq	meks_themeforest_smart_widget	*	cpe:2.3:a:mekshq:meks_themeforest_smart_widget::::::wordpress::*
mekshq	meks_time_ago	*	cpe:2.3:a:mekshq:meks_time_ago::::::wordpress::*
mekshq	meks_video_importer	*	cpe:2.3:a:mekshq:meks_video_importer::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-video-importer",
    "product": "Meks Video Importer",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.0.11",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.0.10",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-time-ago",
    "product": "Meks Time Ago",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.1.7",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.1.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-themeforest-smart-widget",
    "product": "Meks ThemeForest Smart Widget",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.5",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-smart-author-widget",
    "product": "Meks Smart Author Widget",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.1.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.1.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-audio-player",
    "product": "Meks Audio Player",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-easy-maps",
    "product": "Meks Easy Maps",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "2.1.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.1.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-easy-instagram-widget",
    "product": "Meks Easy Photo Feed Widget",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.2.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.2.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-simple-flickr-widget",
    "product": "Meks Simple Flickr Widget",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-easy-ads-widget",
    "product": "Meks Easy Ads Widget",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "2.0.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.0.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-smart-social-widget",
    "product": "Meks Smart Social Widget",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.6.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/meks-audio-player/wordpress-meks-audio-player-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-easy-ads-widget/wordpress-meks-easy-ads-widget-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-easy-instagram-widget/wordpress-meks-easy-photo-feed-widget-plugin-1-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-easy-maps/wordpress-meks-easy-maps-plugin-2-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-simple-flickr-widget/wordpress-meks-simple-flickr-widget-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-smart-author-widget/wordpress-meks-smart-author-widget-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-smart-social-widget/wordpress-meks-smart-social-widget-plugin-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-themeforest-smart-widget/wordpress-meks-themeforest-smart-widget-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-time-ago/wordpress-meks-time-ago-plugin-1-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-video-importer/wordpress-meks-video-importer-plugin-1-0-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

39.7%

JSON

Related for CVE-2023-25989