CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cross-Site Request Forgery CSRF vulnerability in Credova Financial CredovaFinancial credova-financial allows Cross Site Request Forgery.This issue affects CredovaFinancial: from n/a through = 2.5.0...

4.3CVSS7.2AI score0.00128EPSS

Exploits0References1

Patchstack•added 2025/05/07 3:30 p.m.•5 views

WordPress Credova_Financial plugin <= 2.5.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by astra.r3verii in WordPress Plugin CredovaFinancial versions = 2.5.0...

4.3CVSS8AI score0.00128EPSS

Exploits0Affected Software1

NVD•added 2025/05/07 3:16 p.m.•10 views

CVE-2025-47674

4.3CVSS0.00128EPSS

Exploits0References1

Vulnrichment•added 2025/05/07 2:20 p.m.•4 views

CVE-2025-47674 WordPress Credova_Financial <= 2.5.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Credova Financial CredovaFinancial allows Cross Site Request Forgery. This issue affects CredovaFinancial: from n/a through 2.5.0...

4.3CVSS4.6AI score0.00128EPSS

Exploits0References1

Cvelist•added 2025/05/07 2:20 p.m.•14 views

CVE-2025-47674 WordPress Credova_Financial plugin <= 2.5.0 - Cross Site Request Forgery (CSRF) Vulnerability

4.3CVSS0.00128EPSS

Exploits0References1

CVE•added 2025/05/07 2:20 p.m.•43 views

CVE-2025-47674

CVE-2025-47674 refers to a CSRF vulnerability in the WordPress plugin Credova_Financial. Public details in the initial record indicate affected software: Credova_Financial versions n/a through 2.5.0, with a CVSS v3.1 base score of 4.3 (Medium) and impact on integrity. The connected documentation ...

4.3CVSS7.2AI score0.00128EPSS

Exploits0References1

CNNVD•added 2025/05/07 12:0 a.m.•1 views

WordPress plugin Credova_Financial 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

4.3CVSS5.9AI score0.00128EPSS

Exploits0References1

Positive Technologies•added 2025/05/07 12:0 a.m.•2 views

PT-2025-20219 · Unknown · Credova Financial

Name of the Vulnerable Software and Affected Versions: Credova Financial versions n/a through 2.5.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows Cross Site Request Forgery. Recommendations: For versions n/a through 2.5.0, update to a version that include...

4.3CVSS5.5AI score0.00128EPSS

Exploits0References4

RedhatCVE•added 2025/04/25 5:56 p.m.•2 views

CVE-2025-32588

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Credova Financial CredovaFinancial credova-financial allows Reflected XSS.This issue affects CredovaFinancial: from n/a through = 2.4.8...

7.1CVSS7.2AI score0.00235EPSS

Exploits0References1

NVD•added 2025/04/17 4:15 p.m.•3 views

CVE-2025-32588

7.1CVSS0.00235EPSS

Exploits0References1

Cvelist•added 2025/04/17 3:47 p.m.•13 views

CVE-2025-32588 WordPress Credova_Financial plugin <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS0.00235EPSS

Exploits0References1

Vulnrichment•added 2025/04/17 3:47 p.m.•4 views

CVE-2025-32588 WordPress Credova_Financial plugin <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Credova Financial CredovaFinancial allows Reflected XSS. This issue affects CredovaFinancial: from n/a through 2.4.8...

7.1CVSS6.9AI score0.00235EPSS

Exploits0References1

CVE•added 2025/04/17 3:47 p.m.•45 views

CVE-2025-32588

CVE-2025-32588 is a reflected XSS in the WordPress Credova_Financial plugin (affected:

7.1CVSS7.2AI score0.00235EPSS

Exploits0References1

CNNVD•added 2025/04/17 12:0 a.m.•1 views

WordPress plugin Credova_Financial 跨站脚本漏洞

7.1CVSS7AI score0.00235EPSS

Exploits0References1

Positive Technologies•added 2025/04/17 12:0 a.m.•2 views

PT-2025-17126 · Unknown · Credova Financial

Name of the Vulnerable Software and Affected Versions: Credova Financial versions through 2.4.8 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. Recommendations: For versions through 2.4.8...

7.1CVSS7.3AI score0.00235EPSS

Exploits0References3

Patchstack•added 2025/04/10 1:14 p.m.•3 views

WordPress Credova_Financial plugin <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin CredovaFinancial versions = 2.4.8...

7.1CVSS6.9AI score0.00235EPSS

Exploits0Affected Software1

Vulnrichment•added 2021/09/29 7:39 p.m.•8 views

CVE-2021-39342 Credova_Financial <= 1.4.8 Sensitive Information Disclosure

The CredovaFinancial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8...

5.3CVSS7.5AI score0.00742EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by