EUVD-2024-37581

Malicious code in bioql PyPI...

EUVD-2024-47663

Malicious code in bioql PyPI...

CVE-2024-6599

The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajaxsavesettings function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2023-25989

Cross-Site Request Forgery CSRF vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading t...

CVE-2024-38733

Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12...

CVE-2024-38733

CVE-2024-38733 refers to a Missing Authorization vulnerability in the WordPress plugin Meks Video Importer (affected: versions up to and including 1.0.12). The issue results from incorrectly configured access control, described as a Missing Authorization / Broken Access Control scenario, allowing...

CVE-2024-38733 WordPress Meks Video Importer plugin <= 1.0.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12...

CVE-2024-38733 WordPress Meks Video Importer plugin <= 1.0.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12...

PT-2024-28177 · Unknown · Meks Video Importer

Name of the Vulnerable Software and Affected Versions: Meks Video Importer versions 1.0.12 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For Meks Video...

WordPress plugin Meks Video Importer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

CVE-2024-6599

The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajaxsavesettings function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2024-6599

The CVE affects Meks Video Importer for WordPress. Root cause: missing capability check in ajax_save_settings allows authenticated users with Subscriber+ to modify plugin API keys in all versions up to 1.0.11. Impact: unauthorized API key modification could enable misuse of the plugin’s API keys....

CVE-2024-6599 Meks Video Importer <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) API Keys Modification

The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajaxsavesettings function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and...

PT-2024-37747 · WordPress · Meks Video Importer

Name of the Vulnerable Software and Affected Versions: Meks Video Importer plugin for WordPress versions up to, and including, 1.0.11 Description: The issue arises from a missing capability check on the ajax save settings function, allowing authenticated attackers with Subscriber-level access and...

WordPress Meks Video Importer plugin <= 1.0.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Meks Video Importer versions = 1.0.12...

WordPress Meks Video Importer Plugin <= 1.0.12 is vulnerable to Broken Access Control

Software Meks Video Importer Type Plugin Vulnerable versions = 1.0.12 Fixed in 1.0.13 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38733 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 55873b8587e6 Credits Majed Refaea Required...

CVE-2023-25989

Cross-Site Request Forgery CSRF vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading...

CVE-2023-25989

Summary: CVE-2023-25989 is a CSRF vulnerability reported across multiple Meks WordPress plugins (Audio Player, Time Ago, ThemeForest Smart Widget, Smart Author Widget, Easy Maps, Easy Photo Feed Widget, Simple Flickr Widget, Easy Ads Widget, Smart Social Widget, and related plugins). The flaw ena...

WordPress Meks Video Importer Plugin <= 1.0.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software Meks Video Importer Type Plugin Vulnerable versions = 1.0.10 Fixed in 1.0.11 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25989 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1adedef969c6 Credits Muhammad Daff...