cleantalk
Vulnerabilities and Security Researches

Melhor Envio, CVE-2024-13820

CVE, Research URL

CVE-2024-13820

Home page URL

Security reports for Melhor Envio

Application

Melhor Envio

Published on
Apr 08, 2025
Research Description
The Melhor Envio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.15.9 via the 'run' function, which uses a hardcoded hash. This makes it possible for unauthenticated attackers to extract sensitive data including environment information, plugin tokens, shipping configurations, and limited vendor information.
Affected versions
Min -, max 2.15.9.
Status
vulnerable
Previous vulnerability researches
Melhor Envio (13a83e5dd59fa8c582fb848c15bfdc1f39429314) , Jun 06, 2024
Melhor Envio (CVE-2024-13820) , Apr 09, 2025
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025