A vulnerability, which was classified as critical , has been found in shapedplugin Location Weather Plugin up to 3.0.2 on WordPress. The impacted element is the function splw_update_block_options . Performing a manipulation results in missing authorization. This vulnerability was named CVE-2026-7249 . The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.