WP Finance Plugin <= 1.3.6 - Cross-Site Scripting

WP Finance WordPress plugin = 1.3.6 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute scripts in high privilege users' browsers, exploit requires victim to click a malicious link. id: CVE-2024-13097 info:...

CVE-2025-13895

The Top Position Google Finance plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-13096

The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

WordPress WP Finance plugin <= 1.3.6 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP Finance versions = 1.3.6...

CVE-2024-13097

The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13097

The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13096

The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-13096

The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-13097 WP Finance <= 1.3.6 - Reflected XSS

The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13096 WP Finance <= 1.3.6 - Stored XSS via CSRF

The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

WordPress plugin WP Finance 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...