← Back

Location Weather

location_weather

Vendor: Shapedplugin • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-0360
1Shapedplugin
1Location Weather
Mar 20, 2025
Feb 13, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor...Show more
The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.Show less