2 matches found
CVE-2023-4243
CVE-2023-4243 affects the FULL – Customer WordPress plugin. Root cause: improper authorization in the /install-plugin REST route allows authenticated users with subscriber-level or higher to install plugins from arbitrary remote locations, enabling potential code execution. Affected: FULL – Custo...
CVE-2023-4242
CVE-2023-4242 affects the WordPress plugin FULL – Customer . The issue allows an authenticated user with subscriber-level permissions or higher to disclose sensitive site configuration information via the REST route /health . Affected versions are up to and including 2.2.3 ; the underlying cause ...