5 matches found
WCP OpenWeather <= 2.5.0 - Cross-Site Request Forgery
Description The WCP OpenWeather plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown...
WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software WCP OpenWeather Type Plugin Vulnerable versions = 2.5.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46638 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 63c5a56a4d0f Credits Mika Required privile...
CVE-2023-25471
CVE-2023-25471 affects WordPress WCP OpenWeather Plugin (versions
CVE-2023-25471 WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Webcodin WCP OpenWeather plugin = 2.5.0 versions...
WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Software WCP OpenWeather Type Plugin Vulnerable versions = 2.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25471 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 90acb7d8d993 Credits Nguyen Xuan Chien...