CVE-2024-13820
📋 TL;DR
The Melhor Envio WordPress plugin (slug melhor-envio-cotacao) exposes sensitive information through a hardcoded hash check in the 'run' function of its TestService class (Services/TestService.php). An unauthenticated attacker who supplies that hash in a request can retrieve environment data, plugin tokens, shipping configurations, and vendor information. All versions up to and including 2.15.9 are affected; version 2.16.0 removes the exposure.
💻 Affected Systems
- Melhor Envio WordPress plugin
⚠️ Manual Verification Required
This database entry carries no machine-readable version range, so automated detection cannot decide whether your site is affected.
Why? The imported CVE record does not specify a version range (none was provided by the vendor/NVD in a structured form). The advisory text on this page gives the range (up to and including 2.15.9, fixed in 2.16.0); confirm it manually with the version and file checks under 'How to Verify' below.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain the plugin tokens and shipping configuration and use them to reach the connected shipping services as the site, enabling unauthorized access to those systems, manipulation of shipping data, or further attacks on services that trust the exposed tokens.
Likely Case
Attackers pull environment information and vendor data for reconnaissance and chain it with another vulnerability on the site to reach a more severe compromise.
If Mitigated
With the endpoint blocked at the web server or WAF (or the plugin disabled) and any tokens that were reachable while the site was vulnerable rotated, the remaining exposure is limited to what was disclosed before the block; the flaw is information disclosure and does not by itself give code execution.
🎯 Exploit Status
The vulnerability requires only an unauthenticated HTTP GET carrying the hardcoded hash to the vulnerable endpoint; no credentials, user interaction, or special tooling is needed, so it is trivially exploitable and scriptable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.16.0 or later
Vendor Source (the affected file in the plugin repository; no separate written advisory): https://plugins.trac.wordpress.org/browser/melhor-envio-cotacao/trunk/Services/TestService.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Melhor Envio' and click 'Update Now'.
4. Verify the installed version is 2.16.0 or higher.
🔧 Temporary Workarounds
Block direct web access to TestService.php
Block access to the TestService.php file in the web server configuration. The snippet below is for Apache .htaccess and needs AllowOverride enabled for the document root; on Apache 2.4 the Order/Deny directives only work with mod_access_compat loaded, so use 'Require all denied' inside the Files block instead, and on nginx add an equivalent location deny. Caveat: if the 'run' function is reached through a WordPress hook rather than by requesting the file directly, blocking the file alone does not stop the exposure; in that case use the WAF rule under 'If You Can't Patch' as well.
<Files "TestService.php">
Order Allow,Deny
Deny from all
</Files>
🧯 If You Can't Patch
- Disable the Melhor Envio plugin completely until patched
- Implement WAF rules to block any request whose query string contains hash=teste123, regardless of the request path, and log the source addresses
- Rotate the plugin tokens after patching if the endpoint was reachable from the internet while the site was vulnerable
🔍 How to Verify
Check if Vulnerable:
Confirm that /wp-content/plugins/melhor-envio-cotacao/Services/TestService.php exists under the WordPress root and still contains the hardcoded hash 'teste123'; both the file and the installed version (below) should agree before you conclude the site is exposed.
Check Version:
wp plugin list --name=melhor-envio-cotacao --field=version
Verify Fix Applied:
Verify TestService.php no longer contains the hardcoded hash 'teste123' or the vulnerable function has been removed
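The three checks above, as an added shell example (not code from this page or from the Melhor Envio plugin): it decides whether a reported version falls in the affected range, whether a copy of TestService.php still carries the hash, and combines the two into one verdict so that a disagreement (version says fixed, hash still on disk) is flagged for review instead of being silently trusted. It assumes the range and fixed version stated on this page (2.15.9 and earlier affected, 2.16.0 fixed), the hash value 'teste123' quoted above, and GNU sort for the -V version comparison; the wp-cli command in the comment is the one from 'Check Version'.

```shell
#!/bin/sh
# Added example for CVE-2024-13820; not code from the page or the Melhor Envio plugin.
# Assumptions: affected <= 2.15.9, fixed in 2.16.0, hardcoded hash 'teste123'
# (values quoted on this page), and GNU sort (for -V) on the host running the check.
FIXED_VERSION="2.16.0"
HARDCODED_HASH="teste123"

# Print "vulnerable" when $1 sorts below FIXED_VERSION, otherwise "fixed".
# sort -V compares version strings component-wise, so 2.9.0 < 2.16.0; a plain
# string compare would wrongly rank "2.9.0" above "2.16.0".
version_status() {
    ver="$1"
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    if [ "$ver" = "$FIXED_VERSION" ] || [ "$lowest" = "$FIXED_VERSION" ]; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# Print "missing" if the file is absent, "hash-present" if it still contains the
# hardcoded hash, "clean" otherwise. Point it at
# <wp-root>/wp-content/plugins/melhor-envio-cotacao/Services/TestService.php.
testservice_status() {
    file="$1"
    if [ ! -f "$file" ]; then
        echo "missing"
    elif grep -q -F -- "$HARDCODED_HASH" "$file"; then
        echo "hash-present"
    else
        echo "clean"
    fi
}

# Combine both checks for one site: $1 = WordPress root, $2 = installed version
# (for example from: wp plugin list --name=melhor-envio-cotacao --field=version).
# Prints PATCHED, VULNERABLE, or REVIEW when the version and the file disagree.
site_status() {
    root="$1"
    ver="$2"
    vstat=$(version_status "$ver")
    fstat=$(testservice_status "$root/wp-content/plugins/melhor-envio-cotacao/Services/TestService.php")
    if [ "$vstat" = "fixed" ] && [ "$fstat" != "hash-present" ]; then
        echo "PATCHED"
    elif [ "$vstat" = "vulnerable" ] && [ "$fstat" = "hash-present" ]; then
        echo "VULNERABLE"
    else
        echo "REVIEW"   # e.g. version reports fixed but the hash is still on disk
    fi
}

# Stand-alone demo against a constructed (not real) plugin tree in a temp dir.
if [ "${1:-}" = "--demo" ]; then
    demo_root=$(mktemp -d)
    mkdir -p "$demo_root/wp-content/plugins/melhor-envio-cotacao/Services"
    printf "%s\n" "if (\$_GET['hash'] == 'teste123') {" \
        > "$demo_root/wp-content/plugins/melhor-envio-cotacao/Services/TestService.php"
    echo "2.15.9 with hash on disk: $(site_status "$demo_root" 2.15.9)"
    echo "2.16.0 with hash on disk: $(site_status "$demo_root" 2.16.0)"
    rm -rf "$demo_root"
fi
```

Run it as `sh check.sh --demo` for the constructed tree, or on a real site as `site_status /var/www/html "$(wp plugin list --name=melhor-envio-cotacao --field=version)"`. A REVIEW verdict after updating usually means a stale copy of the plugin directory or a cached version string; inspect the file before declaring the site patched.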
📡 Detection & Monitoring
Log Indicators:
- HTTP requests whose query string contains hash=teste123. The path most often seen is /wp-content/plugins/melhor-envio-cotacao/Services/TestService.php, but alert on the parameter rather than the path: if the 'run' function is reached through a WordPress hook, the same parameter on any URI triggers it. Requests to TestService.php without the hash indicate scanning for the endpoint.
Network Indicators:
- Unusual traffic patterns to plugin test endpoints from external IPs
SIEM Query:
source="web_access_logs" AND (query="*hash=teste123*" OR uri="/wp-content/plugins/melhor-envio-cotacao/Services/TestService.php")
(Field names are illustrative; map them to your log schema. Filter on status 2xx to separate successful disclosure from requests that were blocked with 403.)
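The log indicators above turned into runnable detection logic, as an added shell example (not from this page or the plugin vendor): it scans a combined-format access log for the hash parameter on any URI, for bare requests to the endpoint, for the subset that returned 2xx (i.e. actually disclosed data rather than being blocked), and lists the source IPs for blocking. The four log lines are constructed for this example with RFC 5737 documentation addresses, not real traffic; the indicator 'hash=teste123' is the value quoted on this page.

```shell
#!/bin/sh
# Added example for CVE-2024-13820 detection; not code from the page or the plugin.
# The sample log lines are constructed (RFC 5737 addresses), not captured traffic,
# and the indicator 'hash=teste123' is the value this page quotes.
INDICATOR='hash=teste123'
ENDPOINT='melhor-envio-cotacao/Services/TestService.php'

# Write the constructed sample access log (Apache/nginx combined format) to $1.
# Line 1: hash on the plugin path, 200.  Line 2: unrelated login request.
# Line 3: hash on the site root (hook-style trigger), 200.
# Line 4: endpoint probed without the hash and blocked by the .htaccess rule, 403.
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.7 - - [10/Feb/2025:10:00:01 +0000] "GET /wp-content/plugins/melhor-envio-cotacao/Services/TestService.php?hash=teste123 HTTP/1.1" 200 1843 "-" "curl/8.4.0"
198.51.100.9 - - [10/Feb/2025:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 200 3211 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2025:10:00:09 +0000] "GET /?hash=teste123 HTTP/1.1" 200 1843 "-" "curl/8.4.0"
192.0.2.55 - - [10/Feb/2025:10:01:00 +0000] "GET /wp-content/plugins/melhor-envio-cotacao/Services/TestService.php HTTP/1.1" 403 199 "-" "python-requests/2.31"
EOF
}

# Requests carrying the hardcoded hash on ANY URI: the hit that matters, because
# the hash is the trigger whether or not the request names TestService.php.
# grep -c still prints 0 (and exits 1) on no match, hence the || true.
count_hash_hits() {
    grep -c -F -- "$INDICATOR" "$1" || true
}

# Requests to the endpoint file itself, with or without the hash (scanning).
count_endpoint_hits() {
    grep -c -F -- "$ENDPOINT" "$1" || true
}

# Hash requests that got a 2xx status: data was actually returned. In combined
# log format the status code is the 9th whitespace-separated field; 403s from a
# web-server block are excluded, so this count is the confirmed disclosures.
count_successful_hash_hits() {
    grep -F -- "$INDICATOR" "$1" | awk '$9 ~ /^2[0-9][0-9]$/' | grep -c . || true
}

# Distinct source IPs that sent the hash, sorted, ready for a WAF/firewall list.
hash_source_ips() {
    grep -F -- "$INDICATOR" "$1" | awk '{print $1}' | sort -u
}

# Stand-alone demo over the constructed log.
if [ "${1:-}" = "--demo" ]; then
    log=$(mktemp)
    write_sample_log "$log"
    echo "hash hits (any URI):     $(count_hash_hits "$log")"
    echo "endpoint hits:           $(count_endpoint_hits "$log")"
    echo "successful (2xx) hits:   $(count_successful_hash_hits "$log")"
    echo "source IPs to block:     $(hash_source_ips "$log" | tr '\n' ' ')"
    rm -f "$log"
fi
```

On a live host, point the functions at the real log (for example `count_successful_hash_hits /var/log/apache2/access.log`). Access logs record only the query string, so a hash sent in a POST body would not show up here; that case needs a WAF or application-level log. Adjust the awk field index if your log format adds fields before the status code.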
🔗 References
- https://github.com/melhorenvio/wp-melhorenvio-v2/blob/6e2f5bb01c536df9fc84534eb8a27ec99d9601af/Services/TestService.php
- https://plugins.trac.wordpress.org/browser/melhor-envio-cotacao/trunk/Services/TestService.php#L20
- https://plugins.trac.wordpress.org/browser/melhor-envio-cotacao/trunk/Services/TestService.php#L30
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a8f093bc-5cd3-41a0-b86b-d00338334d2e?source=cve