CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6599 – Meks Video Importer <= 1.0.11 - Missing Authorization to Authenticated (Subscriber+) API Keys Modification
https://notcve.org/view.php?id=CVE-2024-6599
17 Jul 2024 — The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajax_save_settings function in all versions up to, and including, 1.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's API keys El complemento Meks Video Importer para WordPress es vulnerable a modificaciones no autorizadas de la clave API debido a una falta de verificación de capacidad en la función aja... • https://plugins.trac.wordpress.org/browser/meks-video-importer/trunk/includes/class.meks-video-importer-vimeo.php#L74 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38733 – WordPress Meks Video Importer plugin <= 1.0.12 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-38733
11 Jul 2024 — Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12. The Meks Video Importer plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/meks-video-importer/wordpress-meks-video-importer-plugin-1-0-11-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2023-25989 – Cross-Site Request Forgery (CSRF) vulnerability in multiple WordPress plugins by Meks
https://notcve.org/view.php?id=CVE-2023-25989
26 Jul 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks E... • https://patchstack.com/database/vulnerability/meks-audio-player/wordpress-meks-audio-player-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •