GCVE - cpe:2.3:a:mekshq:meks_smart_social_widget:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mekshq:meks_smart_social_widget:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Mekshq (`81f8bda9-9d6a-50cd-b427-dc7e3a439bbf`)
Product	Meks Smart Social Widget (`e973f53d-b88b-5daf-b470-f3ef2aefeb1b`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/wp-plugins/meks-smart-social-widget`	purl2cpe	2026-06-01 10:12:58.466285
`pkg:github/wpplugins/meks-smart-social-widget`	purl2cpe	2026-06-01 10:12:58.466287

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-0664`	vulnerable	2026-06-03 14:54:03.201036	Meks Smart Social Widget <= 1.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting MEDIUM (4.4) The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Published: 2024-01-27T03:32:45.329Z Updated: 2026-04-08T17:00:41.611Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/722aae99-fcfb-4234-9245-5db57aaa03c5?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027347%40meks-smart-social-widget&new=3027347%40meks-smart-social-widget&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-25989`	vulnerable	2026-06-03 14:50:27.577744	Cross-Site Request Forgery (CSRF) vulnerability in multiple WordPress plugins by Meks MEDIUM (4.3) Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup. Published: 2023-10-03T11:00:33.837Z Updated: 2026-04-28T16:08:11.292Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/meks-video-importer/wordpress-meks-video-importer-plugin-1-0-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/meks-time-ago/wordpress-meks-time-ago-plugin-1-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/meks-themeforest-smart-widget/wordpress-meks-themeforest-smart-widget-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/meks-smart-author-widget/wordpress-meks-smart-author-widget-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/meks-audio-player/wordpress-meks-audio-player-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Meks Smart Social Widget

PURL mappings

Vulnerability references

Contribute