PT-2023-28332 · WordPress · Full - Customer

Ram


Published 2023-08-08 · Updated 2023-08-14

CVE-2023-4242

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

The FULL - Customer plugin for WordPress, versions up to and including 2.2.3.

Description

The issue allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration, as disclosed by the WordPress health check, via the "/health" REST route, due to improper authorization.

Recommendations

For versions up to and including 2.2.3, consider disabling access to the "/health" REST route until a patch is available, to prevent exploitation. Restrict permissions for authenticated users to minimize the risk of sensitive information disclosure.
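As an added example (not the plugin's or the advisory's own code), one way to apply the recommendation above as a temporary mitigation: a must-use plugin that denies the "/health" REST route to any account below administrator until a patched version is installed. The page does not give the plugin's REST namespace, so matching on the route's final "/health" segment is an assumption, and the `manage_options` capability is used as the stand-in for "administrator".

```php
<?php
/**
 * Plugin Name: Temporary block of the FULL - Customer "/health" REST route
 * Description: Added mitigation example. Returns HTTP 403 for the "/health"
 * REST route unless the caller can manage_options. Place this file in
 * wp-content/mu-plugins/ and remove it once a fixed plugin version is installed.
 */

// Assumption: the advisory names only the trailing "/health" segment, so the
// plugin's REST namespace is unknown here and the route is matched by suffix.
add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    // Another pre-dispatch filter already produced a response; leave it alone.
    if ( null !== $result ) {
        return $result;
    }

    $route = $request->get_route(); // e.g. "/<namespace>/v1/health"

    // Act only on routes whose final path segment is "health".
    if ( ! preg_match( '#/health/?$#', $route ) ) {
        return $result;
    }

    // Administrators keep access to the health data; subscriber-level and
    // other low-privilege accounts are refused.
    if ( current_user_can( 'manage_options' ) ) {
        return $result;
    }

    // Record refused requests so operators can see the route being probed.
    error_log( sprintf(
        'Blocked "/health" REST request: user %d, route %s, remote %s',
        get_current_user_id(),
        $route,
        $_SERVER['REMOTE_ADDR'] ?? 'unknown'
    ) );

    // Returning a WP_Error from rest_pre_dispatch short-circuits dispatch
    // and is rendered as a JSON error response with the given status.
    return new WP_Error(
        'rest_forbidden',
        __( 'Sorry, you are not allowed to access this route.' ),
        array( 'status' => 403 )
    );
}, 10, 3 );
```

Because the match is by suffix, any other registered route that also ends in "/health" is blocked for non-administrators as well; narrow the pattern to the plugin's namespace once it is known.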

Fix

Improper Authentication

Incorrect Authorization


Weakness Enumeration

Related identifiers

CVE-2023-4242

Affected products

Full - Customer