7 matches found
CVE-2021-24683
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue...
WordPress Weather Effect plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Weather Effect plugin prior to version 1.3.4, whi...
CVE-2021-24683
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue...
WordPress 插件 跨站脚本漏洞
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Weather Effect, which stems from the Weather Effect WordPress plugin prior to 1.3.6 not properly validating and escaping some settings e.g. size leaf, flake lea...
PT-2021-16193 · WordPress · The Weather Effect
Name of the Vulnerable Software and Affected Versions: The Weather Effect WordPress plugin versions prior to 1.3.4 Description: The issue is related to the lack of CSRF checks and input validation when saving settings, which could lead to a Stored Cross-Site Scripting issue. This means that an...
WordPress Weather Effect plugin <= 1.3.4 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Weather Effect plugin versions = 1.3.4. Solution Update the WordPress Weather Effect plugin to the latest available version at least 1.3.6...
WordPress Weather Effect plugin <= 1.3.3 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by apple502j in WordPress Weather Effect plugin versions = 1.3.3. Solution Update the WordPress Weather Effect plugin to the latest available version at least 1.3.4...