8.8
CVE-2023-25989
- EPSS 0.41%
- Published 03.10.2023 12:15:10
- Last modified 21.11.2024 07:50:34
- Source audit@patchstack.com
Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification
Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup.
Possible mitigation
Meks Audio Player: Update to version 1.3, or a newer patched version
Meks Easy Ads Widget: Update to version 2.0.8, or a newer patched version
Meks Easy Photo Feed Widget: Update to version 1.2.8, or a newer patched version
Meks Easy Maps: Update to version 2.1.4, or a newer patched version
Meks Simple Flickr Widget: Update to version 1.3, or a newer patched version
Meks Smart Author Widget: Update to version 1.1.4, or a newer patched version
Meks Smart Social Widget: Update to version 1.6.1, or a newer patched version
Meks ThemeForest Smart Widget: Update to version 1.5, or a newer patched version
Meks Time Ago: Update to version 1.1.7, or a newer patched version
Meks Video Importer: Update to version 1.0.11, or a newer patched version
Further vulnerability information

| System | Product | Version |
|---|---|---|
| WordPress Plugin | Meks Audio Player | *-1.2 |
| WordPress Plugin | Meks Easy Ads Widget | *-2.0.7 |
| WordPress Plugin | Meks Easy Photo Feed Widget | *-1.2.7 |
| WordPress Plugin | Meks Easy Maps | *-2.1.3 |
| WordPress Plugin | Meks Simple Flickr Widget | *-1.2 |
| WordPress Plugin | Meks Smart Author Widget | *-1.1.3 |
| WordPress Plugin | Meks Smart Social Widget | *-1.6 |
| WordPress Plugin | Meks ThemeForest Smart Widget | *-1.4 |
| WordPress Plugin | Meks Time Ago | *-1.1.6 |
| WordPress Plugin | Meks Video Importer | *-1.0.10 |
Data provided by the National Vulnerability Database (NVD)
| Vendor | Product | SwPlatform | Version |
|---|---|---|---|
| Mekshq | Meks Audio Player | wordpress | <= 1.2 |
| Mekshq | Meks Easy Ads Widget | wordpress | <= 2.0.7 |
| Mekshq | Meks Easy Maps | wordpress | <= 2.1.3 |
| Mekshq | Meks Easy Photo Feed Widget | wordpress | <= 1.2.7 |
| Mekshq | Meks Simple Flickr Widget | wordpress | <= 1.2 |
| Mekshq | Meks Smart Author Widget | wordpress | <= 1.1.3 |
| Mekshq | Meks Smart Social Widget | wordpress | <= 1.6 |
| Mekshq | Meks Themeforest Smart Widget | wordpress | <= 1.4 |
| Mekshq | Meks Time Ago | wordpress | <= 1.1.6 |
| Mekshq | Meks Video Importer | wordpress | <= 1.0.10 |
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.61 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| audit@patchstack.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.