CVE-2024-13820

Name of the Vulnerable Software and Affected Versions: Melhor Envio plugin for WordPress versions up to and including 2.15.9

Description: The issue allows unauthenticated attackers to extract sensitive data, including environment information, plugin tokens, shipping configurations, and limited vendor information, through the run function, which utilizes a hardcoded hash.

Recommendations: For Melhor Envio plugin for WordPress versions up to and including 2.15.9, update to a version higher than 2.15.9 to resolve the issue. As a temporary workaround, consider restricting access to the run function until a patch is available.