Description

WordPress Plugin Weather for us-animated weather widget includes JavaScript code that would mine cryptocurrency using the CPU resources of site visitors. This allows the plugin owner to earn money by using the CPU resources of visitors. WordPress Plugin Weather for us-animated weather widget version 1.8 is vulnerable; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://www.wordfence.com/blog/2017/11/wordpress-plugin-banned-crypto-mining/

Related Vulnerabilities

MySQL CVE-2020-2694 Vulnerability (CVE-2020-2694)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8131)

MySQL CVE-2020-14663 Vulnerability (CVE-2020-14663)

MediaWiki CVE-2022-28204 Vulnerability (CVE-2022-28204)

Drupal CVE-2020-28949 Vulnerability (CVE-2020-28949)

Severity

High

Classification

CWE-829 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update