The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-10-11T10:45:39

Updated: 2024-08-03T19:42:16.085Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24683

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-10-11T11:15:09.060

Modified: 2024-11-21T05:53:33.440

Link: CVE-2021-24683

cve-icon Redhat

No data.