Vulnerabilities > Awesome Weather Widget Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-14 | CVE-2023-4944 | Unspecified vulnerability in Awesome Weather Widget Project Awesome Weather Widget The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2021-08-02 | CVE-2021-24474 | Cross-site Scripting vulnerability in Awesome Weather Widget Project Awesome Weather Widget The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability. | 4.3 |