3 matches found
CVE-2023-4243
The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing...
CVE-2023-4243 FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Improper Authorization to Arbitrary Plugin Installation
The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing...
WordPress FULL Customer Plugin <= 2.2.3 is vulnerable to Broken Access Control
Software FULL Customer Type Plugin Vulnerable versions = 2.2.3 Fixed in 2.3 OWASP Top 10 A6: Security Misconfiguration Classification Broken Access Control CVE CVE-2023-4243 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 72dc4e55ce85 Credits Ramuel Gall Required privile...