CVE-2026-1822

The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ng-weather' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress WP NG Weather plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP NG Weather versions = 1.0.9...

EUVD-2026-14008

The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ng-weather' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-30532 WordPress Weather Layer plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MorganF Weather Layer weather-layer allows Stored XSS.This issue affects Weather Layer: from n/a through = 4.2.1...

WordPress Weather Atlas Widget Plugin <= 3.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Weather Atlas Widget Type Plugin Vulnerable versions = 3.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52472 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5504e62dc0b7 Credits LVT-tholv2k Required privileg...

WordPress Weather Widget Pro plugin <= 1.1.40 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Weather Widget Pro versions = 1.1.40...

WordPress Weather Widget Pro Plugin <= 1.1.40 is vulnerable to Cross Site Scripting (XSS)

Software Weather Widget Pro Type Plugin Vulnerable versions = 1.1.40 Fixed in 1.1.41 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35755 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5b92161cd34b Credits LVT-tholv2k Required privilege...

WordPress Weather Station Plugin <= 3.8.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software Weather Station Type Plugin Vulnerable versions = 3.8.12 Fixed in 3.8.13 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25478 Patch priority Low CVSS severity Low 4.3 Developer Jason Rouet PSID aa96ede98f40 Credits Mika Required privile...