CVE-2024-13820

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Apr 8, 2025

CWE ID 200

Summary

CVE-2024-13820 is a Sensitive Information Exposure vulnerability affecting the Melhor Envio plugin for WordPress. The issue lies in the 'run' function, which makes use of a hardcoded hash. This weakness allows unauthenticated attackers to gain access to sensitive data, including environment information, plugin tokens, shipping configurations, and restricted vendor details. The vulnerability holds risk for all WordPress installations using the Melhor Envio plugin up to and including version 2.15.9. It is highly recommended that users update to the latest available version to mitigate this exposure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/29eoUv
https://www.cve.org/CVERecord?id=CVE-2024-13820
https://nvd.nist.gov/vuln/detail/CVE-2024-13820

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Know What Matters

For Customers

For Partners

CVE-2024-13820

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations