Description
Cross-Site Request Forgery (CSRF) vulnerability in Meks Meks Quick Plugin Disabler meks-quick-plugin-disabler allows Cross Site Request Forgery. This issue affects Meks Quick Plugin Disabler: from n/a through <= 1.0.
Published: 2025-12-16
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized plugin disabling via CSRF
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a Cross‑Site Request Forgery flaw that allows an attacker to trigger the plugin’s disabling action without the user intending it. An authenticated user who visits a malicious page could be coerced into submitting a request that disables plugins, affecting site functionality and potentially exposing the site to further attacks. The weakness is classified as CWE‑352, a CSRF weakness that undermines the integrity of privileged actions.

Affected Systems

The affected product is Meks Quick Plugin Disabler, version 1.0 or earlier, deployed on WordPress installations.

Risk and Exploitability

Based on the description, it is inferred that attackers would need to entice an authenticated user into interacting with a crafted request, typically via a link or embedded content, to exploit the weakness. The CVSS score of 5.4 places the issue in a medium severity range, while the EPSS score of less than 1% indicates a low likelihood of being targeted at this time. The vulnerability is not listed in CISA’s KEV catalog. No additional prerequisites are noted beyond user authentication.

Generated by OpenCVE AI on April 28, 2026 at 10:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Meks Quick Plugin Disabler to a version newer than 1.0.
  • If upgrading is not possible, disable or restrict the plugin’s disabling functionality to administrators only and block the relevant operation endpoints.
  • Use a web application firewall or CSRF protection plugin to detect and mitigate unauthorized requests.

Generated by OpenCVE AI on April 28, 2026 at 10:11 UTC.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Metrics
  Values Removed: cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}
  Values Added: cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L'}


Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Tue, 16 Dec 2025 22:15:00 +0000

Metrics
  Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Dec 2025 21:30:00 +0000

Metrics
  Values Added: cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}


Tue, 16 Dec 2025 17:15:00 +0000

First Time appeared
  Values Added: Wordpress; Wordpress wordpress
Vendors & Products
  Values Added: Wordpress; Wordpress wordpress

Tue, 16 Dec 2025 08:30:00 +0000

Description
  Values Added: Cross-Site Request Forgery (CSRF) vulnerability in Meks Meks Quick Plugin Disabler meks-quick-plugin-disabler allows Cross Site Request Forgery. This issue affects Meks Quick Plugin Disabler: from n/a through <= 1.0.
Title
  Values Added: WordPress Meks Quick Plugin Disabler plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses
  Values Added: CWE-352
References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:28.309Z

Reserved: 2025-12-15T10:01:29.282Z

Link: CVE-2025-68083

Vulnrichment

Updated: 2025-12-16T20:36:30.853Z

NVD

Status: Deferred

Published: 2025-12-16T09:16:03.360

Modified: 2026-04-27T19:16:25.100

Link: CVE-2025-68083

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T10:15:28Z
