Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weather vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-24474
The Awesome Weather Widget WordPress plugin up to and including 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability.
Awesome Weather Widget Project Awesome Weather Widget
6.1
CVSSv3
CVE-2020-9405
IBL Online Weather prior to 4.3.5a allows unauthenticated reflected XSS via the redirect page.
Iblsoft Online Weather
6.1
CVSSv3
CVE-2014-4561
The ultimate-weather plugin 1.0 for WordPress has XSS
Ultimate-weather Project Ultimate-weather 1.0
5.5
CVSSv3
CVE-2024-3108
An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization.
5.5
CVSSv3
CVE-2022-28780
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.
Google Android 10.0
Google Android 11.0
Google Android 12.0
5.5
CVSSv3
CVE-2021-3720
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
Lenovo Legion Phone Pro \\(l79031\\)firmware
Lenovo Legion Phone2 Pro \\(l70081\\) Firmware
5.4
CVSSv3
CVE-2023-5163
The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
Weather-atlas Weather Atlas
5.4
CVSSv3
CVE-2023-4944
The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
Awesome Weather Widget Project Awesome Weather Widget
5.4
CVSSv3
CVE-2023-0360
The Location Weather WordPress plugin prior to 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
Shapedplugin Location Weather
5.4
CVSSv3
CVE-2021-24683
The Weather Effect WordPress plugin prior to 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.
Awplife Weather Effect
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »