Vulnerabilities and security researches forctt-expresso-para-woocommerce ctt-expresso-para-woocommerce

Jun 06, 2024

CVE, Research URL: CVE-2022-47589
Home page URL: Security reports for CTT Expresso para WooCommerce
Application: CTT Expresso para WooCommerce
Date: Mar 23, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this.Functional CTT Expresso para WooCommerce plugin <= 3.2.11 versions.
Affected versions: Min -, max -.
Status: vulnerable

Aug 01, 2024

CVE, Research URL: CVE-2024-6687
Home page URL: Security reports for CTT Expresso para WooCommerce
Application: CTT Expresso para WooCommerce
Date: Aug 01, 2024
Research Description: The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender and receiver names, phone numbers, physical addresses, and email addresses
Affected versions: Min -, max -.
Status: vulnerable

May 19, 2025

CVE, Research URL: CVE-2024-6478
Home page URL: Security reports for CTT Expresso para WooCommerce
Application: CTT Expresso para WooCommerce
Date: May 16, 2025
Research Description: The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: Min -, max -.
Status: vulnerable