4 matches found
CVE-2021-24709
The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings like sizeleaf, flakesleaf, speed which could lead to Stored Cross-Site Scripting issues...
CVE-2021-24709
The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings like sizeleaf, flakesleaf, speed which could lead to Stored Cross-Site Scripting issues...
CVE-2021-24709 Weather Effect < 1.3.6 - Admin+ Stored Cross-Site Scripting
The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings like sizeleaf, flakesleaf, speed which could lead to Stored Cross-Site Scripting issues...
CVE-2021-24709
CVE-2021-24709 affects the Weather Effect WordPress plugin prior to 1.3.6. The underlying issue is insufficient validation/escaping of certain settings (eg *_size_leaf, *_flakes_leaf, *_speed), leading to Stored Cross-Site Scripting. Public sources (WPScan, PatchStack) reference admin+ and stored...