Weather Effect < 1.3.4 - CSRF to Stored Cross-Site Scripting
CVE-2021-24683

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Weather Effect – Christmas Santa Snow Falling
Vendor: CVE Published:; 11 October 2021

Summary

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.

Affected Version(s)

Weather Effect – Christmas Santa Snow Falling 1.3.4

References

https://wpscan.com/vulnerability/54f95b51-5804-4bee-9e4a-...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2021
Vulnerability Reserved
Jan 14, 2021

Credit

apple502j