MidnightBSD

Advisories for ujsoftware

CVE-2022-3769

The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor.

Products Affected

Vendor Product Version
ujsoftware owm_weather *

CVE-2022-47179

Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
ujsoftware owm_weather *