CVE-2023-25989

Summary

Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup.

Affected Software

VendorProductVersion RangeStatus
MeksMeks Video Importern/a <= 1.0.10affected
MeksMeks Time Agon/a <= 1.1.6affected
MeksMeks ThemeForest Smart Widgetn/a <= 1.4affected
MeksMeks Smart Author Widgetn/a <= 1.1.3affected
MeksMeks Audio Playern/a <= 1.2affected
MeksMeks Easy Mapsn/a <= 2.1.3affected
MeksMeks Easy Photo Feed Widgetn/a <= 1.2.7affected
MeksMeks Simple Flickr Widgetn/a <= 1.2affected
MeksMeks Easy Ads Widgetn/a <= 2.0.7affected
MeksMeks Smart Social Widgetn/a <= 1.6affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References