CVE-2023-25989

{"id": "CVE-2023-25989", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-10-03T12:15:10.243", "references": [{"url": "https://patchstack.com/database/vulnerability/meks-audio-player/wordpress-meks-audio-player-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/meks-easy-ads-widget/wordpress-meks-easy-ads-widget-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/meks-easy-instagram-widget/wordpress-meks-easy-photo-feed-widget-plugin-1-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/meks-easy-maps/wordpress-meks-easy-maps-plugin-2-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/meks-simple-flickr-widget/wordpress-meks-simple-flickr-widget-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/meks-smart-author-widget/wordpress-meks-smart-author-widget-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/meks-smart-social-widget/wordpress-meks-smart-social-widget-plugin-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/meks-themeforest-smart-widget/wordpress-meks-themeforest-smart-widget-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/meks-time-ago/wordpress-meks-time-ago-plugin-1-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/meks-video-importer/wordpress-meks-video-importer-plugin-1-0-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/meks-audio-player/wordpress-meks-audio-player-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://patchstack.com/database/vulnerability/meks-easy-ads-widget/wordpress-meks-easy-ads-widget-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://patchstack.com/database/vulnerability/meks-easy-instagram-widget/wordpress-meks-easy-photo-feed-widget-plugin-1-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://patchstack.com/database/vulnerability/meks-easy-maps/wordpress-meks-easy-maps-plugin-2-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://patchstack.com/database/vulnerability/meks-simple-flickr-widget/wordpress-meks-simple-flickr-widget-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://patchstack.com/database/vulnerability/meks-smart-author-widget/wordpress-meks-smart-author-widget-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://patchstack.com/database/vulnerability/meks-smart-social-widget/wordpress-meks-smart-social-widget-plugin-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://patchstack.com/database/vulnerability/meks-themeforest-smart-widget/wordpress-meks-themeforest-smart-widget-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://patchstack.com/database/vulnerability/meks-time-ago/wordpress-meks-time-ago-plugin-1-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://patchstack.com/database/vulnerability/meks-video-importer/wordpress-meks-video-importer-plugin-1-0-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to\u00a0dismiss or the popup."}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, complementos de Meks Smart Social Widget que llevan a descartar o a la ventana emergente."}], "lastModified": "2024-11-21T07:50:34.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mekshq:meks_audio_player:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "EC02B0CC-ED27-4331-B543-EE8C454F4AA7", "versionEndIncluding": "1.2"}, {"criteria": "cpe:2.3:a:mekshq:meks_easy_ads_widget:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "943CF6C8-CE04-4BCA-A795-583E445C21D9", "versionEndIncluding": "2.0.7"}, {"criteria": "cpe:2.3:a:mekshq:meks_easy_maps:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "BF931F5A-5D01-4628-B6B4-07D4240369EC", "versionEndIncluding": "2.1.3"}, {"criteria": "cpe:2.3:a:mekshq:meks_easy_photo_feed_widget:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0DC9E401-9C5F-4201-86DE-885CAA90E733", "versionEndIncluding": "1.2.7"}, {"criteria": "cpe:2.3:a:mekshq:meks_simple_flickr_widget:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "368EC2E4-83F6-4585-B785-FD53DD560E4B", "versionEndIncluding": "1.2"}, {"criteria": "cpe:2.3:a:mekshq:meks_smart_author_widget:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D897F092-B8F6-48F7-B708-9D02B9CBC550", "versionEndIncluding": "1.1.3"}, {"criteria": "cpe:2.3:a:mekshq:meks_smart_social_widget:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "6AB00D03-7628-464A-AA3E-9F8F0D2E7E69", "versionEndIncluding": "1.6"}, {"criteria": "cpe:2.3:a:mekshq:meks_themeforest_smart_widget:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "20F4C22F-6C64-4976-A29E-6300F494E53C", "versionEndIncluding": "1.4"}, {"criteria": "cpe:2.3:a:mekshq:meks_time_ago:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "7FC60AB4-9876-4AE6-99F9-F97007A9FDC8", "versionEndIncluding": "1.1.6"}, {"criteria": "cpe:2.3:a:mekshq:meks_video_importer:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A68C994C-0276-4273-85F2-19EE23EFCECE", "versionEndIncluding": "1.0.10"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}