Cross-Site Request Forgery (CSRF) vulnerability in multiple WordPress plugins by Meks
CVE-2023-25989

8.8HIGH

Key Information:

Vendor

WordPress
Status
Meks Video Importer
Meks Time Ago
Meks ThemeForest Smart Widget
Meks Smart Author Widget
Vendor
CVE Published:
3 October 2023

What is CVE-2023-25989?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in several Meks plugins for WordPress. This vulnerability could allow attackers to manipulate a user's interaction with the affected plugin, potentially leading to unauthorized actions without user consent. Users are advised to update to the latest versions of the plugins to mitigate potential security risks.

Affected Version(s)

Meks Audio Player <= 1.2

Meks Easy Ads Widget <= 2.0.7

Meks Easy Maps <= 2.1.3

References

https://patchstack.com/database/vulnerability/meks-video-...
vdb-entry
https://patchstack.com/database/vulnerability/meks-time-a...
vdb-entry
https://patchstack.com/database/vulnerability/meks-themef...
vdb-entry

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Muhammad Daffa (Patchstack Alliance)
.