This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
CVE Sentinel
cve-notifications.bsky.social
did:plc:fmpxu5qaccixyxvvyzsllshl
ID: CVE-2024-13096
CVSS N/A
The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
#security #infosec #cve-alert
https://nvd.nist.gov/vuln/detail/CVE-2024-13096
2025-02-01T06:15:56.155Z