VYPR

Awesome Weather Widget

by WordPress

CVEs (2)

  • CVE-2023-4944MedSep 14, 2023
    risk 0.42cvss 6.4epss 0.00

    The Awesome Weather Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…

  • CVE-2021-24474MedAug 2, 2021
    risk 0.40cvss 6.1epss 0.01

    The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability.