RSS   Vulnerabilities for 'Financial'   RSS

2021-09-29
 
CVE-2021-39342

CWE-522
 

 
The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8.

 


Copyright 2024, cxsecurity.com

 

Back to Top