The Awesome Weather Widget WordPress plugin up to and including 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
awesome weather widget project awesome weather widget |