Skip to main content

Melhor Envio

1 CVEs product

Monthly

CVE-2026-54804 HIGH This Week

Authentication bypass in the Melhor Envio WordPress plugin (versions 2.16.3 and earlier) allows low-privileged subscriber accounts to perform actions they should not be authorized for. With CVSS 7.6 (high) and a CWE-288 classification, the flaw lets any registered WordPress user escalate access against the plugin's restricted endpoints, with no public exploit identified at time of analysis. The Patchstack-reported issue primarily threatens shipping/quotation workflows on WordPress e-commerce sites that integrate the Brazilian Melhor Envio shipping service.

Information Disclosure Melhor Envio
NVD VulDB
CVSS 3.1
7.6
EPSS
0.3%
EPSS 0% CVSS 7.6
HIGH This Week

Authentication bypass in the Melhor Envio WordPress plugin (versions 2.16.3 and earlier) allows low-privileged subscriber accounts to perform actions they should not be authorized for. With CVSS 7.6 (high) and a CWE-288 classification, the flaw lets any registered WordPress user escalate access against the plugin's restricted endpoints, with no public exploit identified at time of analysis. The Patchstack-reported issue primarily threatens shipping/quotation workflows on WordPress e-commerce sites that integrate the Brazilian Melhor Envio shipping service.

Information Disclosure Melhor Envio
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy