CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46638 – WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46638
25 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP OpenWeather plugin <= 2.5.0 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Webcodin WCP OpenWeather en versiones <= 2.5.0. The WCP OpenWeather plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action ... • https://patchstack.com/database/vulnerability/wcp-openweather/wordpress-wcp-openweather-plugin-2-5-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-25471 – WordPress WCP OpenWeather Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-25471
28 Jun 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin WCP OpenWeather plugin <= 2.5.0 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en el plugin WCP OpenWeather de Webcodin que afecta a las versiones 2.5.0 e inferiores. Para explotar esta vulnerabilidad no hace falta estar autenticado. The WCP OpenWeather plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.0 due to insufficient input sanitizati... • https://patchstack.com/database/vulnerability/wcp-openweather/wordpress-wcp-openweather-plugin-2-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •