Skip to main content

Meks Smart Social Widget

2 CVEs product

Monthly

CVE-2024-0664 MEDIUM PATCH This Month

The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Meks Smart Social Widget
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-25989 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Meks Audio Player Meks Easy Ads Widget Meks Easy Maps Meks Easy Photo Feed Widget +6
NVD
CVSS 3.1
8.8
EPSS
0.4%
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Meks Smart Social Widget
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Meks Audio Player Meks Easy Ads Widget +8
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy