9 matches found
CVE-2026-1822
The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ng-weather' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2026-14008
The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ng-weather' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-1822
The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ng-weather' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-1822
The WP NG Weather plugin for WordPress is affected (
CVE-2026-1822
The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ng-weather' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-8062
The WS Theme Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wsweather shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-8062
The CVE-2025-8062 entry concerns WordPress WS Theme Addons plugin vulnerability (Shortcode ws_weather) allowing Stored Cross-Site Scripting. Affected versions: all up to 2.0.0. Root cause: insufficient input sanitization and output escaping on user-supplied shortcode attributes, enabling an authe...
CVE-2025-8062 WS Theme Addons <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ws_weather Shortcode
The WS Theme Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wsweather shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2025-34515 · WordPress · Ws Theme Addons
Name of the Vulnerable Software and Affected Versions: WS Theme Addons plugin for WordPress versions prior to 2.0.1 Description: The WS Theme Addons plugin for WordPress is susceptible to Stored Cross-Site Scripting through the ws weather shortcode. Insufficient input sanitization and output...