CVE-2021-24709

CVE-2021-24709: Weather Effect < 1.3.6 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Weather Effect – Christmas Santa Snow Falling

Weakness CWE-79 · XSS

Published October 11, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues

Key dates

02Disclosure timeline

October 11, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24709 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2021-24967 Contact Form & Lead Form Elementor Builder < 1.6.4 - Unauthenticated Stored Cross-Site Scripting CVE-2025-5661 code-projects Traffic Offense Reporting System Setting save-settings.php cross site scripting CVE-2024-24847 WordPress CalculatorPro Calculators Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS) CVE-2024-44029 WordPress Viala theme <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-8089 Advanced iFrame <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting