CVE-2021-24683

Summary

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.

Affected Software

VendorProductVersion RangeStatus
UnknownWeather Effect – Christmas Santa Snow Falling1.3.4 < 1.3.4affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References