PT-2024-37747 · WordPress · Meks Video Importer

Lucio Sá · Published 2024-07-18 · Updated 2024-07-18 · CVE-2024-6599

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Meks Video Importer plugin for WordPress versions up to, and including, 1.0.11

Description

The issue arises from a missing capability check on the plugin's AJAX save settings function, which allows authenticated attackers with Subscriber-level access and above to modify the plugin's API keys.

Recommendations

For versions up to, and including, 1.0.11, consider disabling the AJAX save settings function until a patch is available, to prevent unauthorized API key modification. Restrict access to the plugin's settings to minimize the risk of exploitation. Avoid using the plugin with Subscriber-level access and above until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
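
One way to apply the first two recommendations without editing the plugin is a small must-use plugin that puts a capability check in front of the AJAX action. This is an added example, not code from Meks Video Importer or from this advisory; the action name is a placeholder because the advisory does not give it, and `manage_options` is an assumed choice of capability for settings changes.

```php
<?php
/**
 * Plugin Name: Temporary capability guard for an AJAX settings action (added example)
 * Description: Rejects the guarded AJAX action unless the caller can manage options.
 *
 * Place in wp-content/mu-plugins/ so it loads before regular plugins.
 */

defined( 'ABSPATH' ) || exit;

// ASSUMPTION: placeholder. Replace with the AJAX action name the plugin registers
// for saving its settings; the advisory does not state it.
const EXAMPLE_GUARDED_AJAX_ACTION = 'REPLACE_WITH_PLUGIN_SAVE_SETTINGS_ACTION';

// Priority 0 runs this guard before the plugin's own handler, which is
// registered on the same hook at the default priority of 10.
add_action( 'wp_ajax_' . EXAMPLE_GUARDED_AJAX_ACTION, 'example_guard_settings_action', 0 );

/**
 * Stop the request unless the logged-in user holds the assumed capability.
 * The wp_ajax_ hook only fires for authenticated users, so this covers the
 * Subscriber-and-above case described in the advisory.
 */
function example_guard_settings_action() {
	if ( current_user_can( 'manage_options' ) ) {
		return; // Administrators fall through to the plugin's handler.
	}

	// Leave a trace for later review of who attempted the call.
	error_log( sprintf(
		'Blocked guarded AJAX settings action: user_id=%d remote_addr=%s',
		get_current_user_id(),
		isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
	) );

	// Sends a JSON error with HTTP 403 and ends the request.
	wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}
```

The guard only narrows who can reach the handler; it does not add the nonce verification a complete fix in the plugin would normally also include.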

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-6599

Affected Products: Meks Video Importer