WordPress · Ctt Expresso Para Woocommerce · CVE-2024-6687
**Name of the Vulnerable Software and Affected Versions**
CTT Expresso para WooCommerce plugin for WordPress versions up to and including 3.2.12
**Description**
The issue concerns the exposure of sensitive information in the CTT Expresso para WooCommerce plugin for WordPress. This exposure occurs via the /wp-content/uploads/cepw directory, where generated .pdf and log files are publicly accessible. These files contain sensitive information such as sender and receiver names, phone numbers, physical addresses, and email addresses.
**Recommendations**
For versions up to and including 3.2.12, consider restricting access to the /wp-content/uploads/cepw directory to prevent public access to sensitive .pdf and log files until a patch is available. As a temporary workaround, avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
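The following is an added example, not code from the plugin or from this advisory: it audits web server access logs for requests under the directory named above, separating those the server answered with content from those it refused, which shows both whether files were fetched before access was restricted and whether the restriction now holds. The combined log format, the sample lines, the file names and the IP addresses are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

EXPOSED_DIR = "/wp-content/uploads/cepw"  # directory named in the advisory

# Assumption: Apache/nginx common or combined access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jul/2024:09:14:02 +0000] "GET /wp-content/uploads/cepw/example-label.pdf HTTP/1.1" 200 48213 "-" "-"',
    '198.51.100.23 - - [10/Jul/2024:09:15:40 +0000] "GET /wp-content/uploads/%63epw/example.log?x=1 HTTP/1.1" 200 912 "-" "-"',
    '192.0.2.5 - - [11/Jul/2024:11:00:00 +0000] "GET /wp-content/uploads/cepw/example-label.pdf HTTP/1.1" 403 153 "-" "-"',
    '192.0.2.5 - - [11/Jul/2024:11:00:05 +0000] "GET /wp-content/uploads/2024/07/photo.jpg HTTP/1.1" 200 1000 "-" "-"',
    '192.0.2.9 - - [11/Jul/2024:11:02:00 +0000] "GET /wp-content/uploads/cepw-old/x.pdf HTTP/1.1" 200 10 "-" "-"',
]

def audit(lines):
    """Return requests under EXPOSED_DIR, split into 'served' and 'blocked'."""
    result = {"served": [], "blocked": []}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Drop the query string, decode percent-escapes and collapse "//" and
        # "./" so that equivalent spellings of the path compare equal.
        raw = unquote(m["target"].split("?", 1)[0])
        path = posixpath.normpath("/" + raw.lstrip("/"))
        if path != EXPOSED_DIR and not path.startswith(EXPOSED_DIR + "/"):
            continue
        status = int(m["status"])
        # 2xx and 304 mean the server delivered (or confirmed) the file;
        # anything else (403, 404, ...) means nothing was disclosed.
        bucket = "served" if 200 <= status < 300 or status == 304 else "blocked"
        result[bucket].append((m["ip"], m["ts"], path, status))
    return result

if __name__ == "__main__":
    for bucket, hits in audit(SAMPLE_LOG).items():
        print(bucket, len(hits))
        for hit in hits:
            print("  ", *hit)
```

Entries under `served` dated after the directory was restricted indicate that the restriction is not being applied by the web server.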