PT-2023-20413 · Meks · Meks Smart Author Widget+9
Muhammad Daffa
·
Published
2023-10-03
·
Updated
2023-10-16
·
CVE-2023-25989
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Meks Video Importer (affected versions not specified)
Meks Time Ago (affected versions not specified)
Meks ThemeForest Smart Widget (affected versions not specified)
Meks Smart Author Widget (affected versions not specified)
Meks Audio Player (affected versions not specified)
Meks Easy Maps (affected versions not specified)
Meks Easy Photo Feed Widget (affected versions not specified)
Meks Simple Flickr Widget (affected versions not specified)
Meks Easy Ads Widget (affected versions not specified)
Meks Smart Social Widget (affected versions not specified)
Description
The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in several Meks plugins, which can lead to the dismissal of a popup. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Meks Audio Player
Meks Easy Ads Widget
Meks Easy Maps
Meks Easy Photo Feed Widget
Meks Simple Flickr Widget
Meks Smart Author Widget
Meks Smart Social Widget
Meks Themeforest Smart Widget
Meks Time Ago
Meks Video Importer