| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-1822 | WP NG Weather <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | tonysamperi | WP NG Weather | Medium | 6.4 | 2026-03-21 03:26:34 | Deep Dive |
| CVE-2025-66620 | Columbia Weather Systems MicroServer Command Shell in Externally Accessible Directory | Columbia Weather Systems | MicroServer | High | 8.0 | 2026-01-07 20:08:33 | Deep Dive |
| CVE-2025-64305 | Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk | Columbia Weather Systems | MicroServer | Medium | 6.5 | 2026-01-07 20:02:03 | Deep Dive |
| CVE-2025-61939 | Columbia Weather Systems MicroServer Improper Restriction of Communication Channel to Intended Endpoints | Columbia Weather Systems | MicroServer | High | 8.8 | 2026-01-07 19:56:52 | Deep Dive |
| CVE-2025-28980 | WordPress Aviation Weather from NOAA plugin <= 0.7.2 - Arbitrary File Deletion Vulnerability | machouinard | Aviation Weather from NOAA | High | 7.7 | 2025-07-04 11:18:09 | Deep Dive |
| CVE-2025-52809 | WordPress National Weather Service Alerts plugin <= 1.3.5 - Local File Inclusion Vulnerability | John Russell | National Weather Service Alerts | High | 8.1 | 2025-06-27 11:52:21 | Deep Dive |
| CVE-2025-47423 | Personal Weather Station Dashboard 安全漏洞 | pwsdashboard | Personal Weather Station Dashboard | Medium | 5.8 | 2025-05-07 00:00:00 | Deep Dive |
| CVE-2025-30532 | WordPress Weather Layer plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability | MorganF | Weather Layer | Medium | 5.9 | 2025-03-24 13:46:43 | Deep Dive |
| CVE-2025-1077 | Remote Code Execution vulnerability in IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather) | IBL Software Engineering | Visual Weather | 高危 | - | 2025-02-07 08:32:02 | Deep Dive |
| CVE-2021-26279 | Information disclosure vulnerability in Weather module | vivo | Weather | Medium | 5.9 | 2024-12-17 03:34:42 | Deep Dive |
| CVE-2024-52472 | WordPress Weather Atlas Widget plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability | Weather Atlas | Weather Atlas Widget | High | 7.1 | 2024-11-20 14:31:03 | Deep Dive |
| CVE-2024-35755 | WordPress Weather Widget Pro plugin <= 1.1.40 - Cross Site Scripting (XSS) vulnerability | El tiempo | Weather Widget Pro | Medium | 6.5 | 2024-06-08 10:26:29 | Deep Dive |
| CVE-2023-5163 | Weather Atlas Widget <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | weatheratlas | Weather Atlas Widget | Medium | 6.4 | 2023-11-22 15:33:34 | Deep Dive |
| CVE-2023-4944 | Awesome Weather Widget <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | richardgabriel | Awesome Weather Widget | Medium | 6.4 | 2023-09-14 02:29:51 | Deep Dive |
| CVE-2023-25478 | WordPress Weather Station Plugin <= 3.8.12 is vulnerable to Cross Site Request Forgery (CSRF) | Jason Rouet | Weather Station | Medium | 4.3 | 2023-07-10 12:44:21 | Deep Dive |
| CVE-2022-47179 | WordPress OWM Weather Plugin <= 5.6.11 is vulnerable to Cross Site Request Forgery (CSRF) | Uwe Jacobs | OWM Weather | Medium | 4.3 | 2023-02-28 14:59:41 | Deep Dive |
| CVE-2023-0360 | Location Weather < 1.3.4 - Contributor+ Stored XSS | Unknown | Location Weather | 中危 | - | 2023-02-13 14:32:33 | Deep Dive |
| CVE-2022-3769 | OWM Weather < 5.6.9 - Contributor+ SQLi | Unknown | OWM Weather | 高危 | - | 2022-11-28 13:47:08 | Deep Dive |
| CVE-2021-24864 | WP Cloudy < 4.4.9 - Admin+ SQL Injection | Unknown | WP Cloudy, weather plugin | 高危 | - | 2022-02-28 09:06:13 | Deep Dive |
| CVE-2021-24709 | Weather Effect < 1.3.6 - Admin+ Stored Cross-Site Scripting | Unknown | Weather Effect – Christmas Santa Snow Falling | 中危 | - | 2021-10-11 10:45:44 | Deep Dive |