First published: Mon Oct 11 2021(Updated: )
The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Awplife Weather Effect | <1.3.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-24709.
The severity of CVE-2021-24709 is medium with a severity value of 4.8.
The affected software of CVE-2021-24709 is the Weather Effect WordPress plugin before version 1.3.6.
CVE-2021-24709 is a vulnerability where the Weather Effect WordPress plugin before version 1.3.6 does not properly validate and escape some of its settings, leading to Stored Cross-Site Scripting issues.
To fix CVE-2021-24709, it is recommended to update the Weather Effect WordPress plugin to version 1.3.6 or later.