CVE-2023-25989 — MEDIUM (4.3)

Q: How severe is CVE-2023-25989?

CVE-2023-25989 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-25989?

Check the references section above for vendor advisories and patch information. Affected products include: Mekshq Meks Audio Player, Mekshq Meks Easy Ads Widget, Mekshq Meks Easy Maps, Mekshq Meks Easy Photo Feed Widget, Mekshq Meks Simple Flickr Widget.

Vulnerability Description

Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Mekshq	Meks Audio Player	<= 1.2
Mekshq	Meks Easy Ads Widget	<= 2.0.7
Mekshq	Meks Easy Maps	<= 2.1.3
Mekshq	Meks Easy Photo Feed Widget	<= 1.2.7
Mekshq	Meks Simple Flickr Widget	<= 1.2
Mekshq	Meks Smart Author Widget	<= 1.1.3
Mekshq	Meks Smart Social Widget	<= 1.6
Mekshq	Meks Themeforest Smart Widget	<= 1.4
Mekshq	Meks Time Ago	<= 1.1.6
Mekshq	Meks Video Importer	<= 1.0.10

Related Weaknesses (CWE)

CWE-352

References

https://patchstack.com/database/vulnerability/meks-audio-player/wordpress-meks-aThird Party Advisory
https://patchstack.com/database/vulnerability/meks-easy-ads-widget/wordpress-mekThird Party Advisory
https://patchstack.com/database/vulnerability/meks-easy-instagram-widget/wordpreThird Party Advisory
https://patchstack.com/database/vulnerability/meks-easy-maps/wordpress-meks-easyThird Party Advisory
https://patchstack.com/database/vulnerability/meks-simple-flickr-widget/wordpresThird Party Advisory
https://patchstack.com/database/vulnerability/meks-smart-author-widget/wordpressThird Party Advisory
https://patchstack.com/database/vulnerability/meks-smart-social-widget/wordpressThird Party Advisory
https://patchstack.com/database/vulnerability/meks-themeforest-smart-widget/wordThird Party Advisory
https://patchstack.com/database/vulnerability/meks-time-ago/wordpress-meks-time-Third Party Advisory
https://patchstack.com/database/vulnerability/meks-video-importer/wordpress-meksThird Party Advisory
https://patchstack.com/database/vulnerability/meks-audio-player/wordpress-meks-aThird Party Advisory
https://patchstack.com/database/vulnerability/meks-easy-ads-widget/wordpress-mekThird Party Advisory
https://patchstack.com/database/vulnerability/meks-easy-instagram-widget/wordpreThird Party Advisory
https://patchstack.com/database/vulnerability/meks-easy-maps/wordpress-meks-easyThird Party Advisory
https://patchstack.com/database/vulnerability/meks-simple-flickr-widget/wordpresThird Party Advisory

FAQ

What is CVE-2023-25989?

CVE-2023-25989 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed ...

How severe is CVE-2023-25989?

CVE-2023-25989 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-25989?

Check the references section above for vendor advisories and patch information. Affected products include: Mekshq Meks Audio Player, Mekshq Meks Easy Ads Widget, Mekshq Meks Easy Maps, Mekshq Meks Easy Photo Feed Widget, Mekshq Meks Simple Flickr Widget.