CVE-2021-24474

The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt