Vulnerabilities > Awesome Weather Widget Project

DATE CVE VULNERABILITY TITLE RISK
2023-09-14 CVE-2023-4944 Unspecified vulnerability in Awesome Weather Widget Project Awesome Weather Widget
The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
awesome-weather-widget-project
5.4
2021-08-02 CVE-2021-24474 Cross-site Scripting vulnerability in Awesome Weather Widget Project Awesome Weather Widget
The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability.
network
low complexity
awesome-weather-widget-project CWE-79
6.1