CVE-2021-24709 Weather Effect < 1.3.6 - Admin+ Stored Cross-Site Scripting

2021-10-1110:45:44

CWE-79

WPScan

www.cve.org

0.001 Low

EPSS

Percentile

24.8%

JSON

The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues

CNA Affected

[
  {
    "product": "Weather Effect – Christmas Santa Snow Falling",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.3.6",
        "status": "affected",
        "version": "1.3.6",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/df74ed76-af9e-47a8-9a4d-c5c57e9e0f91

0.001 Low

EPSS

Percentile

24.8%

JSON

Related for CVELIST:CVE-2021-24709