Description
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.
References
https://wpscan.com/vulnerability/54f95b51-5804-4bee-9e4a-f73b8ef9bbd5
ExploitThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.4 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-10-11T11:15:09.060
3 years agoLast modified
2022-11-09T21:49:28.570
2 years ago