Vulnerabilities and security researches forcredova-financial credova-financial

Jun 07, 2024

CVE, Research URL: CVE-2021-39342
Home page URL: Security reports for Credova Financial
Application: Credova Financial
Date: Sep 30, 2021
Research Description: The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8.
Affected versions: Min -, max -.
Status: vulnerable

Apr 14, 2025

CVE, Research URL: CVE-2025-32588
Home page URL: Security reports for Credova Financial
Application: Credova Financial
Date: Apr 17, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Credova Financial Credova_Financial allows Reflected XSS. This issue affects Credova_Financial: from n/a through 2.4.8.
Affected versions: Min -, max -.
Status: vulnerable

May 09, 2025

CVE, Research URL: CVE-2025-47674
Home page URL: Security reports for Credova Financial
Application: Credova Financial
Date: May 07, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Credova Financial Credova_Financial allows Cross Site Request Forgery. This issue affects Credova_Financial: from n/a through 2.5.0.
Affected versions: Min -, max -.
Status: vulnerable