2024-11-23
The CTT Expresso para WooCommerce plugin for WordPress versions up to 3.2.12 is vulnerable to sensitive information disclosure. Publicly accessible .pdf and log files within the `/wp-content/uploads/cepw` directory can expose sender/receiver names, phone numbers, addresses, and email addresses.
Vulnerability Details:
Platform: WordPress Plugin – CTT Expresso para WooCommerce
Version: Up to 3.2.12 (inclusive)
Vulnerability: Sensitive Information Exposure
Severity: Medium
Date: July 31, 2024 (published), November 22, 2024 (last modified)
What Undercode Says:
This vulnerability allows unauthorized access to potentially sensitive information within the CTT Expresso para WooCommerce plugin. It’s crucial to update the plugin to version 3.2.13 or later to mitigate this risk.
Recommendations:
Update the CTT Expresso para WooCommerce plugin to version 3.2.13 or later.
Review any exposed information within the `/wp-content/uploads/cepw` directory and take necessary actions to secure it.
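To support the directory review recommended above, the following added example (not code from the plugin or from the original advisory) inventories the files on your own server and checks whether your own site serves them to anonymous visitors. It assumes the default WordPress layout, log files ending in `.log`, and `curl` being installed; all function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit <wp_root>/wp-content/uploads/cepw on your own site.
# Assumptions: default uploads location, log files end in .log.

# Print every .pdf / .log file the plugin left under uploads/cepw.
cepw_inventory() {   # cepw_inventory <wp_root>
    wp="${1%/}"
    dir="$wp/wp-content/uploads/cepw"
    [ -d "$dir" ] || return 0      # directory absent: nothing to review
    find "$dir" -type f \( -iname '*.pdf' -o -iname '*.log' \) | sort
}

# Number of files found by cepw_inventory.
cepw_count() {       # cepw_count <wp_root>
    cepw_inventory "$1" | wc -l | tr -d ' '
}

# Map an on-disk path to the URL a visitor would request.
cepw_url() {         # cepw_url <wp_root> <site_url> <file_path>
    wp="${1%/}"
    printf '%s/%s\n' "${2%/}" "${3#"$wp"/}"
}

# Return 0 only if the URL answers HTTP 200 without credentials.
cepw_is_public() {   # cepw_is_public <url>
    code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$1") || return 2
    [ "$code" = "200" ]
}

# One line per file: PUBLIC if it is served anonymously, not-200 otherwise.
cepw_report() {      # cepw_report <wp_root> <site_url>
    cepw_inventory "$1" | while IFS= read -r f; do
        url=$(cepw_url "$1" "$2" "$f")
        if cepw_is_public "$url"; then
            echo "PUBLIC  $url"
        else
            echo "not-200 $url"
        fi
    done
}

# Usage (placeholders): cepw_report /var/www/html https://shop.example
```

Any line marked PUBLIC after updating the plugin points to a file that still needs to be removed or access-restricted.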
Additional Notes:
This vulnerability was identified by Wordfence.
The National Vulnerability Database (NVD) assigns a CVSS score for this vulnerability; the score is not given here.
By following these recommendations, you can help protect your website from potential security breaches.
References:
Reported By: Nvd.nist.gov