WordPress Plugin Vulnerabilities

FULL - Customer < 2.3 - Subscriber+ Health Check Disclosure

Description

The plugin does not have proper authorisation in its health REST API, allowing any authenticated user, such as subscriber to access it and retrieve sensitive information from the WordPress health check

Affects Plugins

Plugin icon
full-customer
Fixed in 2.3

References

CVE
CVE-2023-4242

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ramuel Gall
Verified
No
WPVDB ID
a59a0ba6-55e3-431a-bcbf-fa82f1365452

Timeline

Publicly Published
2023-08-08 (about 2 years ago)
Added
2023-08-09 (about 2 years ago)
Last Updated
2023-08-18 (about 2 years ago)

Other

Published
Title
Published
2020-09-17
Title
Discount Rules for WooCommerce < 2.2.1 - Multiple Authorization Bypass
Published
2025-07-25
Title
MelaPress Login Security 2.1.0 - 2.1.1 - Privilege Escalation via Authentication Bypass
Published
2020-01-14
Title
InfiniteWP Client < 1.9.4.5 - Authentication Bypass
Published
2016-06-06
Title
OneLogin SAML SSO <= 2.1.5 - Authentication Bypass
Published
2026-02-23
Title
WeDesignTech Ultimate Booking Addon <= 1.0.1 - Authentication Bypass