Description
WordPress Plugin Weather for us-animated weather widget includes JavaScript code that would mine cryptocurrency using the CPU resources of site visitors. This allows the plugin owner to earn money by using the CPU resources of visitors. WordPress Plugin Weather for us-animated weather widget version 1.8 is vulnerable; prior versions may also be affected.
Remediation
Disable the plugin until a fix is available
References
Related Vulnerabilities
WordPress Plugin Bookmarkify Multiple Vulnerabilities (2.9.2)
Mailman Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2021-42096)
Artifactory Improper Input Validation Vulnerability (CVE-2016-6501)
SharePoint CVE-2021-31965 Vulnerability (CVE-2021-31965)
WordPress Plugin SP Project & Document Manager Cross-Site Scripting (4.25)