MEDIUM
shapedplugin
CVE published 2026-05-22
CVE-2026-7249
CVE-2026-7249 affects the Location Weather WordPress plugin through 3.0.2. Authenticated users with Contributor-level access or higher can modify plugin state by calling exposed actions that lack capability checks, allowing them to disable weather blocks and purge weather cache transients. The issue is integrity-focused and scored medium severity (CVSS 4.3).