The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-08-09T03:36:14.224Z
Updated: 2024-08-02T07:24:03.560Z
Reserved: 2023-08-08T15:28:19.695Z
Link: CVE-2023-4242
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-08-09T04:15:10.657
Modified: 2023-11-07T04:22:21.677
Link: CVE-2023-4242
Redhat
No data.