RSS   Vulnerabilities for 'Weather effect'   RSS

2021-10-11
 
CVE-2021-24683

CWE-352
 

 
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.

 
 
CVE-2021-24709

CWE-79
 

 
The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues

 

 >>> Vendor: Awplife 3 Products
Contact form widget
Grid gallery
Weather effect


Copyright 2024, cxsecurity.com

 

Back to Top