Browse all 3 CVE security advisories affecting Credova Financial. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Credova Financial provides point-of-sale financing solutions for retail purchases, enabling consumers to buy now and pay later. Historically, the organization has been associated with vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws, primarily affecting its web and mobile applications. While no major public security incidents have been widely documented, the three CVEs on record highlight persistent security challenges in its digital infrastructure. These vulnerabilities typically stem from insufficient input validation and access control mechanisms, potentially exposing sensitive customer financial data and system integrity to unauthorized access or manipulation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-47674 | WordPress Credova_Financial plugin <= 2.5.0 - Cross Site Request Forgery (CSRF) Vulnerability — Credova_FinancialCWE-352 | 4.3 | Medium | 2025-05-07 |
| CVE-2025-32588 | WordPress Credova_Financial plugin <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability — Credova_FinancialCWE-79 | 7.1 | High | 2025-04-17 |
| CVE-2021-39342 | Credova_Financial <= 1.4.8 Sensitive Information Disclosure — Credova_FinancialCWE-319 | 5.3 | Medium | 2021-09-29 |
This page lists every published CVE security advisory associated with Credova Financial. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.