Information Disclosure Vulnerability in FULL - Customer Plugin for WordPress
CVE-2023-4242

4.3MEDIUM

Key Information:

Vendor

WordPress
Status
Full – Customer
Vendor
CVE Published:
9 August 2023

What is CVE-2023-4242?

The FULL - Customer plugin for WordPress suffers from an information disclosure vulnerability through the /health REST route in versions up to and including 2.2.3. This flaw arises due to improper authorization checks, allowing authenticated attackers with subscriber-level permissions or higher to access sensitive site configuration details exposed by the WordPress health check feature. If exploited, this vulnerability can lead to the leakage of critical information that may aid in further attacks against the affected website.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FULL – Customer * <= 2.2.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/full-customer/...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ramuel Gall
JSON
.