CVE-2023-25989

Cross-Site Request Forgery (CSRF) vulnerability in multiple WordPress plugins by Meks

Description

Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup.

Remediation

Solution:

  • Update Meks Video Importer to 1.0.11 or a higher version.
  • Update Meks Time Ago to 1.1.7 or a higher version.
  • Update Meks ThemeForest Smart Widget to 1.5 or a higher version.
  • Update Meks Smart Author Widget to 1.1.4 or a higher version.
  • Update Meks Audio Player to 1.3 or a higher version.
  • Update Meks Easy Maps to 2.1.4 or a higher version.
  • Update Meks Easy Photo Feed Widget to 1.2.8 or a higher version.
  • Update Meks Simple Flickr Widget to 1.3 or a higher version.
  • Update Meks Easy Ads Widget to 2.0.8 or a higher version.
  • Update Meks Smart Social Widget to 1.6.1 or a higher version.

Category

4.3
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.23%
Third-Party Advisory patchstack.com Third-Party Advisory patchstack.com Third-Party Advisory patchstack.com Third-Party Advisory patchstack.com Third-Party Advisory patchstack.com Third-Party Advisory patchstack.com Third-Party Advisory patchstack.com Third-Party Advisory patchstack.com Third-Party Advisory patchstack.com Third-Party Advisory patchstack.com
Affected: Meks Meks Video Importer
Affected: Meks Meks Time Ago
Affected: Meks Meks ThemeForest Smart Widget
Affected: Meks Meks Smart Author Widget
Affected: Meks Meks Audio Player
Affected: Meks Meks Easy Maps
Affected: Meks Meks Easy Photo Feed Widget
Affected: Meks Meks Simple Flickr Widget
Affected: Meks Meks Easy Ads Widget
Affected: Meks Meks Smart Social Widget
Published at:
Updated at:

References

Link Tags
https://patchstack.com/database/vulnerability/meks-video-importer/wordpress-meks-video-importer-plugin-1-0-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve third party advisory vdb entry
https://patchstack.com/database/vulnerability/meks-time-ago/wordpress-meks-time-ago-plugin-1-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve third party advisory vdb entry
https://patchstack.com/database/vulnerability/meks-themeforest-smart-widget/wordpress-meks-themeforest-smart-widget-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve third party advisory vdb entry
https://patchstack.com/database/vulnerability/meks-smart-author-widget/wordpress-meks-smart-author-widget-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve third party advisory vdb entry
https://patchstack.com/database/vulnerability/meks-audio-player/wordpress-meks-audio-player-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve third party advisory vdb entry
https://patchstack.com/database/vulnerability/meks-easy-maps/wordpress-meks-easy-maps-plugin-2-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve third party advisory vdb entry
https://patchstack.com/database/vulnerability/meks-easy-instagram-widget/wordpress-meks-easy-photo-feed-widget-plugin-1-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve third party advisory vdb entry
https://patchstack.com/database/vulnerability/meks-simple-flickr-widget/wordpress-meks-simple-flickr-widget-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve third party advisory vdb entry
https://patchstack.com/database/vulnerability/meks-easy-ads-widget/wordpress-meks-easy-ads-widget-plugin-2-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve third party advisory vdb entry
https://patchstack.com/database/vulnerability/meks-smart-social-widget/wordpress-meks-smart-social-widget-plugin-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve third party advisory vdb entry

Frequently Asked Questions

What is the severity of CVE-2023-25989?
CVE-2023-25989 has been scored as a medium severity vulnerability.
How to fix CVE-2023-25989?
To fix CVE-2023-25989: Update Meks Video Importer to 1.0.11 or a higher version.
Is CVE-2023-25989 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-25989 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-25989?
CVE-2023-25989 affects Meks Meks Video Importer, Meks Meks Time Ago, Meks Meks ThemeForest Smart Widget, Meks Meks Smart Author Widget, Meks Meks Audio Player, Meks Meks Easy Maps, Meks Meks Easy Photo Feed Widget, Meks Meks Simple Flickr Widget, Meks Meks Easy Ads Widget, Meks Meks Smart Social Widget.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.