← Back

Wp Finance

wp_finance

Vendor: Mch0lic • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-13097
1Mch0lic
1Wp Finance
May 12, 2025
Feb 1, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users s...Show more
The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.Show less
CVE-2024-13096
1Mch0lic
1Wp Finance
May 12, 2025
Feb 1, 2025
N/A· v4
4.6 MEDIUM· v3
N/A· v2
The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CS...Show more
The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.Show less