mch0lic CVE Vulnerabilities & CVE List (2)

Products (CPE): — CVEs: 2

mch0lic vulnerability overview

This page aggregates publicly disclosed CVE and security risk information related to mch0lic, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

Vulnerability distribution trend (last 24 months)

Showing 12 of 2 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2024-13097 The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. [email protected] 5.4 0.67% 2025-02-01 2026-06-17
CVE-2024-13096 The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. [email protected] 4.6 0.20% 2025-02-01 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence