← Back

Owm Weather

owm_weather

Vendor: Ujsoftware • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Ujsoftware
1Owm Weather
Jun 17, 2026
Feb 28, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft.
1Ujsoftware
1Owm Weather
Jun 17, 2026
Nov 28, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor