Description
WordPress Plugin Credova_Financial is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Credova_Financial version 1.4.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.4.9 or latest
References
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39342
https://plugins.svn.wordpress.org/credova-financial/trunk/readme.txt
Related Vulnerabilities
MySQL CVE-2014-2450 Vulnerability (CVE-2014-2450)
WordPress Plugin Rent-A-Car TimThumb Arbitrary File Upload (1.0)
Python Integer Overflow or Wraparound Vulnerability (CVE-2008-1679)
WordPress Plugin Xorbin Analog Flash Clock Cross-Site Scripting (1.0)
WordPress Plugin DethemeKit For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.5.5.4)