Lucene search
José AguileraWPVDB-ID:CE2E3503-9A06-4F5C-AE0F-F40E7DFB2903HistoryNov 29, 2021 - 12:00 a.m.
CorreosExpress <= 2.6.0 - Sensitive Information Disclosure
2021-11-2900:00:00
José Aguilera
wpscan.com
19
0.001 Low
EPSS
Percentile
40.2%
The plugin generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses
PoC
https://example.com/wp-content/plugins/correos-express/log/log_cron_function.txt https://example.com/wp-content/plugins/correos-express/log/log_ordenes.txt https://example.com/wp-content/plugins/correos-express/log/log_rest.txt
| CPE | Name | Operator | Version |
|---|---|---|---|
| correos-express | eq | * |
Related
nvd
nvd
CVE-2021-25009
2022-03-07 09:15:08
cve
cve
CVE-2021-25009
2022-03-07 09:15:08
prion
prion
Design/Logic Flaw
2022-03-07 09:15:00
wpexploit
wpexploit
CorreosExpress <= 2.6.0 - Sensitive Information Disclosure
2021-11-29 00:00:00
cnvd
cnvd
WordPress CorreosExpress plugin information leakage vulnerability
2022-03-09 00:00:00
cvelist
cvelist
CVE-2021-25009 CorreosExpress <= 2.6.0 - Sensitive Information Disclosure
2022-03-07 08:16:13
patchstack
patchstack