Filtered by vendor Awesome Weather Widget Project
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4944 | 1 Awesome Weather Widget Project | 1 Awesome Weather Widget | 2023-11-07 | 5.4 Medium |
| The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2021-24474 | 1 Awesome Weather Widget Project | 1 Awesome Weather Widget | 2021-11-10 | 6.1 Medium |
| The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability. | ||||
Page 1 of 1.