cleantalk
Vulnerabilities and Security Researches

Location Weather – Best Weather Forecast Widget Plugin for WordPress, CVE-2023-0360

CVE, Research URL

CVE-2023-0360

Home page URL

Security reports for Location Weather – Best Weather Forecast Widget Plugin for WordPress

Application

Location Weather – Best Weather Forecast Widget Plugin for WordPress

Published on
Feb 13, 2023
Research Description
The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
max 1.3.4.
Status
vulnerable
Previous vulnerability researches
Location Weather – Best Weather Forecast Widget Plugin for WordPress (CVE-2023-0360) , Jun 07, 2024
Location Weather – Best Weather Forecast Widget Plugin for WordPress (CVE-2026-7249) , May 24, 2026
New vulnerability
Ditty – Responsive News Tickers, Sliders, and Lists (CVE-2026-9011) , May 24, 2026
GSheet For Woo Importer (CVE-2026-4843) , May 24, 2026
Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint (CVE-2026-27349) , May 24, 2026
Location Weather – Best Weather Forecast Widget Plugin for WordPress (CVE-2026-7249) , May 24, 2026
Hotel Booking Lite (CVE-2026-8684) , May 24, 2026