CVE-2021-24683 Information

Description

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings and do not validate or escape them which could lead to Stored Cross-Site Scripting issue.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Reference

https://wpscan.com/vulnerability/54f95b51-5804-4bee-9e4a-f73b8ef9bbd5

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4