CVE-2021-24683

Name of the Vulnerable Software and Affected Versions The Weather Effect WordPress plugin versions prior to 1.3.4

Description The issue is related to the lack of CSRF checks and input validation when saving settings, which could lead to a Stored Cross-Site Scripting issue. This means that an attacker could potentially inject malicious scripts into the plugin's settings, which would then be stored and executed by the application.

Recommendations For versions prior to 1.3.4, update to version 1.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings page to minimize the risk of exploitation.