Melhor Envio
Monthly
Authentication bypass in the Melhor Envio WordPress plugin (versions 2.16.3 and earlier) allows low-privileged subscriber accounts to perform actions they should not be authorized for. With CVSS 7.6 (high) and a CWE-288 classification, the flaw lets any registered WordPress user escalate access against the plugin's restricted endpoints, with no public exploit identified at time of analysis. The Patchstack-reported issue primarily threatens shipping/quotation workflows on WordPress e-commerce sites that integrate the Brazilian Melhor Envio shipping service.
Authentication bypass in the Melhor Envio WordPress plugin (versions 2.16.3 and earlier) allows low-privileged subscriber accounts to perform actions they should not be authorized for. With CVSS 7.6 (high) and a CWE-288 classification, the flaw lets any registered WordPress user escalate access against the plugin's restricted endpoints, with no public exploit identified at time of analysis. The Patchstack-reported issue primarily threatens shipping/quotation workflows on WordPress e-commerce sites that integrate the Brazilian Melhor Envio shipping service.