Weather Security Vulnerabilities

CVE-2023-5163

The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-4944

The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-25478

Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather Station plugin <= 3.8.12...

CVE-2022-47179

Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a...

CVE-2023-0360

The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2022-3769

The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as...

CVE-2021-24864

The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection...

CVE-2021-24709

The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like _size_leaf, _flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting...

CVE-2021-24683

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting...

CVE-2021-24474

The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS)...