16 matches found
EUVD-2021-11621
Malware in sbrugna...
CVE-2021-24683
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and does not validate or escape them, which could lead to Stored Cross-Site Scripting issue...
WordPress Weather Effect plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Weather Effect plugin prior to version 1.3.4, whi...
CVE-2021-24709
The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings like sizeleaf, flakesleaf, speed which could lead to Stored Cross-Site Scripting issues...
CVE-2021-24683
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and does not validate or escape them, which could lead to Stored Cross-Site Scripting issue...
CVE-2021-24683
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and does not validate or escape them, which could lead to Stored Cross-Site Scripting issue...
CVE-2021-24709
The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings like sizeleaf, flakesleaf, speed which could lead to Stored Cross-Site Scripting issues...
CVE-2021-24709
CVE-2021-24709 affects the Weather Effect WordPress plugin prior to 1.3.6. The underlying issue is insufficient validation/escaping of certain settings (e.g. *_size_leaf, *_flakes_leaf, *_speed), leading to Stored Cross-Site Scripting. Public sources (WPScan, PatchStack) reference admin+ and stored...
CVE-2021-24683
The CVE-2021-24683 entry concerns the Weather Effect WordPress plugin (prior to version 1.3.4). The root cause is that saving settings lacked CSRF protection and did not validate or escape input, enabling a Stored Cross-Site Scripting (XSS) vulnerability. Affected software: Weather Effect WordPre...
CVE-2021-24683 Weather Effect < 1.3.4 - CSRF to Stored Cross-Site Scripting
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and does not validate or escape them, which could lead to Stored Cross-Site Scripting issue...
WordPress plugin Weather Effect cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Weather Effect plugin prior to version 1.3.4, whi...
WordPress plugin cross-site scripting vulnerability
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Weather Effect, which stems from the Weather Effect WordPress plugin prior to 1.3.6 not properly validating and escaping some settings e.g. size leaf, flake lea...
PT-2021-16193 · WordPress · The Weather Effect
Name of the Vulnerable Software and Affected Versions: The Weather Effect WordPress plugin versions prior to 1.3.4 Description: The issue is related to the lack of CSRF checks and input validation when saving settings, which could lead to a Stored Cross-Site Scripting issue. This means that an...
WordPress Weather Effect plugin <= 1.3.4 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Weather Effect plugin versions <= 1.3.4. Solution: Update the WordPress Weather Effect plugin to the latest available version (at least 1.3.6)...
Weather Effect < 1.3.4 - CSRF to Stored Cross-Site Scripting
The plugin does not have any CSRF checks in place when saving its settings, and does not validate or escape them, which could lead to Stored Cross-Site Scripting issue. v1.3.4 fixed the CSRF, but not the sanitisation/escaping fully. Another issue has been created for it. PoC: To have the XSS only...
WordPress Weather Effect plugin <= 1.3.3 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by apple502j in WordPress Weather Effect plugin versions <= 1.3.3. Solution: Update the WordPress Weather Effect plugin to the latest available version (at least 1.3.4)...