Impact
The Vulnerability allows attackers to bypass the authentication mechanism for the Melhor Envio WordPress plugin, effectively granting them unauthorized access to the plugin’s administrative functions. This breach in authentication control can facilitate the execution of unintended administrative actions, data manipulation, or the introduction of malicious content. The weakness is classified as CWE-288 and indicates a failure to enforce proper authentication and session management.
Affected Systems
Any WordPress installation running the Melhor Envio plugin version 2.16.3 or earlier is vulnerable. The affected product is the Melhor Envio WordPress plugin, specifically versions up to and including 2.16.3, which can be found in WordPress plugin repositories and on sites where the plugin is installed.
Risk and Exploitability
The CVSS score of 7.6 places this vulnerability in the high severity range. At present the EPSS score is not available, and it is not listed in the CISA KEV catalog, indicating no known widespread exploitation data. The typical attack vector is inferred to be remote via the WordPress site’s authentication interface, where an attacker could submit crafted credentials or use session manipulation to gain elevated privileges.
OpenCVE Enrichment