Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Awplife Subscribe
Filtered by product Weather Effect
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-24683 1 Awplife 1 Weather Effect 2022-11-09 4.3 MEDIUM 5.4 MEDIUM
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.
CVE-2021-24709 1 Awplife 1 Weather Effect 2021-10-15 3.5 LOW 4.8 MEDIUM
The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues