CVE-2024-33694

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5...

CVE-2024-33694

CVE-2024-33694 is an XSS vulnerability in Meks ThemeForest Smart Widget (WordPress plugin). It allows Stored Cross-Site Scripting and affects ThemeForest Smart Widget versions from n/a through 1.5. The CVSS 3.1 base score is 5.9 (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L). The available data does not s...

CVE-2024-33694 WordPress Meks ThemeForest Smart Widget plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Meks Meks ThemeForest Smart Widget allows Stored XSS.This issue affects Meks ThemeForest Smart Widget: from n/a through 1.5...

PT-2024-25450 · Unknown · Meks Themeforest Smart Widget

Name of the Vulnerable Software and Affected Versions: Meks ThemeForest Smart Widget versions through 1.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker ca...

CVE-2023-25989

Summary: CVE-2023-25989 is a CSRF vulnerability reported across multiple Meks WordPress plugins (Audio Player, Time Ago, ThemeForest Smart Widget, Smart Author Widget, Easy Maps, Easy Photo Feed Widget, Simple Flickr Widget, Easy Ads Widget, Smart Social Widget, and related plugins). The flaw ena...

WordPress Meks ThemeForest Smart Widget Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Meks ThemeForest Smart Widget Type Plugin Vulnerable versions = 1.4 Fixed in 1.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25989 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2367191a142b Credits Muhammad...