Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weather vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-5163
The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
Weather-atlas Weather Atlas
NA
CVE-2014-6699
The Weather Channel (aka com.weather.Weather) application 5.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Weather Weather Channel 5.2.0
8.8
CVSSv3
CVE-2023-25478
Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather Station plugin <= 3.8.12 versions.
Weather Station Project Weather Station
6.1
CVSSv3
CVE-2014-4561
The ultimate-weather plugin 1.0 for WordPress has XSS
Ultimate-weather Project Ultimate-weather 1.0
5.4
CVSSv3
CVE-2023-4944
The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
Awesome Weather Widget Project Awesome Weather Widget
6.1
CVSSv3
CVE-2021-24474
The Awesome Weather Widget WordPress plugin up to and including 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability.
Awesome Weather Widget Project Awesome Weather Widget
7.5
CVSSv3
CVE-2017-16184
scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Scott-blanch-weather-app Project Scott-blanch-weather-app 1.0.0
5.4
CVSSv3
CVE-2023-0360
The Location Weather WordPress plugin prior to 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
Shapedplugin Location Weather
4.3
CVSSv3
CVE-2022-47179
Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft.
Ujsoftware Owm Weather
9.8
CVSSv3
CVE-2023-4831
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncode Ncep allows SQL Injection.This issue affects Ncep: prior to 20230914 .
Weather Ncode Ncep
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »