CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2023-25989 – Cross-Site Request Forgery (CSRF) vulnerability in multiple WordPress plugins by Meks
https://notcve.org/view.php?id=CVE-2023-25989
26 Jul 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks E... • https://patchstack.com/database/vulnerability/meks-audio-player/wordpress-meks-audio-player-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24958 – Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS
https://notcve.org/view.php?id=CVE-2021-24958
10 Nov 2021 — The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin's settings and put Cross-Site Scripting payloads in them El plugin Meks Easy Photo Feed de WordPress versiones anteriores a 1.2.4, no presenta comprobaciones de capacidad y CSRF en la acción AJA... • https://wpscan.com/vulnerability/011c2519-fd84-4c95-b8b8-23654af59d70 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •