CVE-2026-7249 | shapedplugin Location Weather Plugin up to 3.0.2 on WordPress splw_update_block_options authorization

Inserito da Angelo Barbosa | Mag 22, 2026 | CVE

A vulnerability, which was classified as critical, has been found in shapedplugin Location Weather Plugin up to 3.0.2 on WordPress. The impacted element is the function splw_update_block_options. Performing a manipulation results in missing authorization.

This vulnerability was named CVE-2026-7249. The attack may be initiated remotely. There is no available exploit.

It is advisable to upgrade the affected component.

CVE-2026-7249 | shapedplugin Location Weather Plugin up to 3.0.2 on WordPress splw_update_block_options authorization

Post correlati

CVE-2024-11119 | BNE Gallery Extended Plugin up to 1.2.1 on WordPress Shortcode cross site scripting

CVE-2024-31870 | IBM i 7.2/7.3/7.4/7.5 USRPRF Object observable response discrepancy (XFDB-287174)

CVE-2023-52292 | IBM Sterling File Gateway up to 6.1.2.5/6.2.0.3 Web UI cross site scripting

CVE-2025-10548 | CleverControl Employee Monitoring Software 11.5.1041.6 certificate validation