Update-readme-to-markdown

[ssandgren]

No description provided.

[github-actions]

Checkmarx One – Scan Summary & Details – 362f4ed3-edc3-429a-9cbd-4f0bc76056cf

New Issues (11)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Deserialization_of_Untrusted_Data	/includes/traits/SavePaymentInstrumentTrait.php: 95	details The serialized object get_results processed in deleteAllSavedPaymentInstruments in the file /includes/traits/SavePaymentInstrumentTrait.php at line... Attack Vector
	Broken_or_Risky_Hashing_Function	/includes/controllers/WebhookController.php: 77	details In receiveWebhook, the application uses a cryptographic hashing function, md5, that is considered cryptographically weak or broken, in /includes/co... Attack Vector
	Missing_HSTS_Header	/assets/js/admin_apple_pay.js: 23	details The web-application does not define an HSTS header, leaving it vulnerable to attack. Attack Vector
	Missing_HSTS_Header	/includes/controllers/AdminController.php: 394	details The web-application does not define an HSTS header, leaving it vulnerable to attack. Attack Vector
	Privacy_Violation	/includes/gateways/Installment.php: 164	details Method process_payment at line 164 of /includes/gateways/Installment.php sends user information outside the application. This may constitute a Priv... Attack Vector
	Privacy_Violation	/includes/gateways/DirectDebitSecured.php: 125	details Method process_payment at line 125 of /includes/gateways/DirectDebitSecured.php sends user information outside the application. This may constitute... Attack Vector
	Privacy_Violation	/includes/gateways/Invoice.php: 211	details Method process_payment at line 211 of /includes/gateways/Invoice.php sends user information outside the application. This may constitute a Privacy ... Attack Vector
	Privacy_Violation	/includes/gateways/DirectDebitSecured.php: 125	details Method process_payment at line 125 of /includes/gateways/DirectDebitSecured.php sends user information outside the application. This may constitute... Attack Vector
	Log_Forging	/includes/Util.php: 70	details Method getNonceCheckedPostValue at line 70 of /includes/Util.php gets user input from element _POST. This element’s value flows through the code wi... Attack Vector
	Log_Forging	/includes/Util.php: 66	details Method getNonceCheckedPostValue at line 66 of /includes/Util.php gets user input from element _POST. This element’s value flows through the code wi... Attack Vector
	Log_Forging	/includes/controllers/WebhookController.php: 39	details Method receiveWebhook at line 39 of /includes/controllers/WebhookController.php gets user input from element file_get_contents. This element’s valu... Attack Vector