CVE-2021-25009

CVE-2021-25009: CorreosExpress <= 2.6.0 - Sensitive Information Disclosure

Vendor Unknown
Product CorreosExpress – Shipping Management – Tags
Weakness CWE-532 · Sensitive info in logs
Published March 7, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses

Key dates

02Disclosure timeline

March 7, 2022 CVE published
August 3, 2024 Record updated