VYPR

Credova Financial

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-32588HigApr 17, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Credova Financial Credova_Financial credova-financial allows Reflected XSS.This issue affects Credova_Financial: from n/a through <= 2.4.8.

  • CVE-2021-39342MedSep 29, 2021
    risk 0.35cvss 5.3epss 0.01

    The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and…

  • CVE-2025-47674MedMay 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Credova Financial Credova_Financial credova-financial allows Cross Site Request Forgery.This issue affects Credova_Financial: from n/a through <= 2.5.0.