4 matches found
CVE-2021-39342
The CredovaFinancial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8...
CVE-2021-39342 Credova_Financial <= 1.4.8 Sensitive Information Disclosure
The CredovaFinancial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8...
CVE-2021-39342
The CVE-2021-39342 entry corresponds to the WordPress Credova_Financial plugin (versions up to and including 1.4.8) exposing the site’s Credova API account username and password in plaintext via an AJAX action during checkout when the Credova Financing option is enabled. Affected component is the...
WordPress Credova_Financial plugin <= 1.4.8 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered by Marvin Santos in WordPress CredovaFinancial plugin versions = 1.4.8. Solution Update the WordPress CredovaFinancial plugin to the latest available version at least 1.4.9...