Meks Easy Photo Feed Widget

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:mekshq:meks_easy_photo_feed_widget:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorMekshq (81f8bda9-9d6a-50cd-b427-dc7e3a439bbf)
ProductMeks Easy Photo Feed Widget (97f19e8f-0ddd-537f-b2bf-cefd393c29d9)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-25989 vulnerable 2026-06-03 14:50:27.574896 Cross-Site Request Forgery (CSRF) vulnerability in multiple WordPress plugins by Meks
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup.
Published: 2023-10-03T11:00:33.837Z
Updated: 2026-04-28T16:08:11.292Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-24958 vulnerable 2026-06-03 14:44:04.092496 Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin's settings and put Cross-Site Scripting payloads in them
Published: 2022-03-14T14:41:03.000Z
Updated: 2024-08-03T19:49:13.964Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.