CVE-2021-24683

Severity CVSS v4.0:
Pending analysis
Type:
CWE-352 Cross-Site Request Forgery (CSRF)
Publication date:
11/10/2021
Last modified:
09/11/2022

Description

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:awplife:weather_effect:*:*:*:*:*:wordpress:*:* 1.3.4 (excluding)