Awesome Weather Widget <= 3.0.2 - Reflected Cross-site Scripting (XSS)
CVE-2021-24474

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Awesome Weather Widget
Vendor
CVE Published:
2 August 2021

Summary

The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability.

Affected Version(s)

Awesome Weather Widget 3.0.2

References

https://wpscan.com/vulnerability/49bc46a8-9d55-4fa1-8e0d-...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Truoc Phan
.