cleantalk
Vulnerabilities and Security Researches

Melhor Envio, 13a83e5dd59fa8c582fb848c15bfdc1f39429314

Application

Melhor Envio

Published on
Apr 26, 2022
Research Description
Melhor Envio [melhor-envio-cotacao] < 2.11.20

Melhor Envio <= 2.11.19 - Cross-Site Request Forgery and Authenticated Settings Change

The Melhor Envio plugin for WordPress is vulnerable to authenticated settings changes and Cross-Site Request Forgery in versions up to, and including, 2.11.19. This allowed any authenticated user to directly modify plugin settings, and allowed unauthenticated users to modify the same settings if they could trick an authenticated user into performing an action, such as clicking a link.
Affected versions
Min -, max 2.11.20.
Status
vulnerable