cleantalk
Vulnerabilities and Security Researches

Melhor Envio, CVE-2024-13820

CVE, Research URL

CVE-2024-13820

Home page URL

Security reports for Melhor Envio

Application

Melhor Envio

Published on
Apr 08, 2025
Research Description
The Melhor Envio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.15.9 via the 'run' function, which uses a hardcoded hash. This makes it possible for unauthenticated attackers to extract sensitive data including environment information, plugin tokens, shipping configurations, and limited vendor information.
Affected versions
Min -, max 2.15.9.
Status
vulnerable
Previous vulnerability researches
Export All Posts, Products, Orders, Refunds & Users (CVE-2023-45066) , Jun 07, 2024
Export All Posts, Products, Orders, Refunds & Users (CVE-2016-11000) , Jun 07, 2024
Export All Posts, Products, Orders, Refunds & Users (CVE-2018-20968) , Jun 07, 2024
Export All Posts, Products, Orders, Refunds & Users (CVE-2023-2487) , Jun 07, 2024
Export All Posts, Products, Orders, Refunds & Users (CVE-2024-12315) , Feb 16, 2025
New vulnerability
Site Search 360 (CVE-2025-39530) , Apr 17, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2025-39589) , Apr 17, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2025-39590) , Apr 17, 2025
Basic Interactive World Map (CVE-2025-39517) , Apr 17, 2025
Dynamic Post (CVE-2025-39522) , Apr 17, 2025