3 matches found
CVE-2023-4242
The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about...
CVE-2023-4242
CVE-2023-4242 affects the WordPress plugin FULL – Customer . The issue allows an authenticated user with subscriber-level permissions or higher to disclose sensitive site configuration information via the REST route /health . Affected versions are up to and including 2.2.3 ; the underlying cause ...
WordPress FULL Customer Plugin <= 2.2.3 is vulnerable to Sensitive Data Exposure
Software FULL Customer Type Plugin Vulnerable versions = 2.2.3 Fixed in 2.3 OWASP Top 10 A5: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-4242 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 83963600e826 Credits Ramuel Gall Required privilege...