Description
WordPress Plugin Credova_Financial is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Credova_Financial version 1.4.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.4.9 or latest
References
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39342
https://plugins.svn.wordpress.org/credova-financial/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin WP Consultant Cross-Site Scripting (1.0)
MySQL CVE-2017-10311 Vulnerability (CVE-2017-10311)
EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38844)
WordPress Plugin myFlash Remote File Include (1.10)
WordPress Plugin Import Social Events Cross-Site Scripting (1.6.6)