CVE-2023-4242 MEDIUM

CVE-2023-4242: FULL - Customer <= 2.2.3 - Authenticated (Subscriber+) Information Disclosure via Health Check

Vendor Fullservices
Product FULL – Cliente
Weakness CWE-287 · Improper authentication
Published August 9, 2023
Last update April 8, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check.

Key dates

02 Disclosure timeline

August 9, 2023 CVE published
April 8, 2026 Record updated