Authentication Flaws in Melhor Envio Plugin for WordPress
CVE-2026-54804

7.6HIGH

Key Information:

Vendor: WordPress
Status: Melhor Envio
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-54804?

The Melhor Envio plugin for WordPress, specifically versions up to 2.16.3, is susceptible to a Broken Authentication vulnerability. This flaw allows unauthorized access to subscriber accounts, compromising user data and potentially leading to further exploitation. Website administrators using these versions should take immediate action to secure their sites.

Affected Version(s)

Melhor Envio <= 2.16.3

References

https://patchstack.com/database/wordpress/plugin/melhor-e...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Jun 16, 2026

Credit

HieuPenguinnn | Patchstack Bug Bounty Program

CVE-2026-54804 Data

JSON