Lucene search

PatchstackCVELIST:CVE-2023-25989

HistoryOct 03, 2023 - 11:00 a.m.

CVE-2023-25989 Cross-Site Request Forgery (CSRF) vulnerability in multiple WordPress plugins by Meks

2023-10-0311:00:33

CWE-352

Patchstack

www.cve.org

cve-2023-25989

cross-site request forgery

wordpress plugins

meks

security vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

39.7%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-video-importer",
    "product": "Meks Video Importer",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.0.11",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.0.10",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-time-ago",
    "product": "Meks Time Ago",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.1.7",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.1.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-themeforest-smart-widget",
    "product": "Meks ThemeForest Smart Widget",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.5",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-smart-author-widget",
    "product": "Meks Smart Author Widget",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.1.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.1.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-audio-player",
    "product": "Meks Audio Player",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-easy-maps",
    "product": "Meks Easy Maps",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "2.1.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.1.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-easy-instagram-widget",
    "product": "Meks Easy Photo Feed Widget",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.2.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.2.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-simple-flickr-widget",
    "product": "Meks Simple Flickr Widget",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-easy-ads-widget",
    "product": "Meks Easy Ads Widget",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "2.0.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.0.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "meks-smart-social-widget",
    "product": "Meks Smart Social Widget",
    "vendor": "Meks",
    "versions": [
      {
        "changes": [
          {
            "at": "1.6.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/meks-audio-player/wordpress-meks-audio-player-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-easy-ads-widget/wordpress-meks-easy-ads-widget-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-easy-instagram-widget/wordpress-meks-easy-photo-feed-widget-plugin-1-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-easy-maps/wordpress-meks-easy-maps-plugin-2-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-simple-flickr-widget/wordpress-meks-simple-flickr-widget-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-smart-author-widget/wordpress-meks-smart-author-widget-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-smart-social-widget/wordpress-meks-smart-social-widget-plugin-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-themeforest-smart-widget/wordpress-meks-themeforest-smart-widget-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-time-ago/wordpress-meks-time-ago-plugin-1-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/meks-video-importer/wordpress-meks-video-importer-plugin-1-0-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

39.7%

JSON

Related for CVELIST:CVE-2023-25989