Lucene search
K

63 matches found

NVD
NVD
added yesterday10 views

CVE-2026-15299

The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weatherstyle' and 'movedirection' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render...

6.4CVSS0.00193EPSS
Exploits0References4
EUVD
EUVD
added yesterday6 views

EUVD-2026-42806

The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weatherstyle' and 'movedirection' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday24 views

CVE-2026-15299 Animation Addons for Elementor <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Weather Widget

The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weatherstyle' and 'movedirection' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render...

6.4CVSS0.00193EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-15299

The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weatherstyle' and 'movedirection' parameters of the Weather widget in all versions up to, and including, 2.6.3. This is due to insufficient output escaping in the Weather widget's render...

6.4CVSS6AI score0.00193EPSS
Exploits0References5
CVE
CVE
added yesterday9 views

CVE-2026-15299

CVE-2026-15299 : The Animation Addons for Elementor WordPress plugin is vulnerable to Stored Cross-Site Scripting in all versions up to 2.6.3 via the Weather widget’s weather_style and move_direction parameters. The root cause is insufficient output escaping in Weather widget render() (widgets/we...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.6 views

CVE-2023-4944

The Awesome Weather Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS6.8AI score0.00418EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-27000

Malware in sbrugna...

5.5CVSS5.6AI score0.00212EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-35513

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00277EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-31711

Malicious code in bioql PyPI...

5.5CVSS6.6AI score0.00153EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-28368

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.7 views

CVE-2024-35755

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through 1.1.40...

6.5CVSS6.7AI score0.00277EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:2 a.m.9 views

CVE-2024-3108

An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization...

5.5CVSS6.7AI score0.00153EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:4 p.m.6 views

CVE-2021-3720

An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro L79031 and Legion Phone2 Pro L70081 that could allow other applications to access device GPS data...

5.5CVSS6.5AI score0.00212EPSS
Exploits0References1
NVD
NVD
added 2024/06/08 11:15 a.m.26 views

CVE-2024-35755

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through 1.1.40...

6.5CVSS0.00277EPSS
Exploits0References1
OSV
OSV
added 2024/06/08 11:15 a.m.6 views

CVE-2024-35755

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through 1.1.40...

5.4CVSS5.8AI score0.00277EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/08 10:26 a.m.28 views

CVE-2024-35755 WordPress Weather Widget Pro plugin <= 1.1.40 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through 1.1.40...

6.5CVSS0.00277EPSS
Exploits0References1
CVE
CVE
added 2024/06/08 10:26 a.m.58 views

CVE-2024-35755

CVE-2024-35755 is an authenticated stored XSS in Weather Widget Pro for WordPress. Affected: Weather Widget Pro, versions up to 1.1.40. Root cause: Improper input neutralization during web page generation. Impact: Stored payloads could execute in pages viewed by users. Public patch status not det...

6.5CVSS6.2AI score0.00277EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/08 12:0 a.m.5 views

PT-2024-26709 · Unknown · El Tiempo Weather Widget Pro

Name of the Vulnerable Software and Affected Versions: El tiempo Weather Widget Pro versions 1.1.40 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

6.5CVSS5.6AI score0.00277EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/06/08 12:0 a.m.6 views

WordPress plugin Weather Widget Pro cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.2AI score0.00277EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/06/07 9:19 a.m.4 views

WordPress Weather Widget Pro plugin <= 1.1.40 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Weather Widget Pro versions = 1.1.40...

6.5CVSS6.1AI score0.00277EPSS
Exploits0Affected Software1
Rows per page
Query Builder