Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Credova_Financial <= 1.4.8 Sensitive Information Disclosure
Vulnerability Description
The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
敏感数据的明文传输
Vulnerability Title
WordPress plugin Credova_Financial 安全漏洞
Vulnerability Description
WordPress 插件是WordPress开源的一个应用插件。 WordPress 插件 Credova_Financial 1.4.8及之前版本存在安全漏洞,该漏洞源于当在网站用户在启用Credova finance选项的页面结帐时,插件会通过AJAX操作以明文形式公开网站相关的Credova API帐户的用户名和密码。
CVSS Information
N/A
Vulnerability Type
N/A