CVE-2023-4242: 
WordPress vulnerability analysis and mitigation

The FULL - Customer plugin for WordPress contains an Information Disclosure vulnerability (CVE-2023-4242) via the /health REST route in versions up to and including 2.2.3. The vulnerability was discovered and disclosed on August 9, 2023, affecting WordPress installations with the FULL - Customer plugin installed (NVD).

The vulnerability stems from improper authorization controls in the /health REST route of the FULL - Customer WordPress plugin. The issue allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check. The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (Wordfence).

When exploited, this vulnerability allows authenticated users with subscriber-level access to obtain sensitive information about the WordPress site configuration through the health check functionality. This could potentially expose system details that should only be accessible to administrators (NVD).

Users should upgrade their FULL - Customer plugin to a version newer than 2.2.3 to address this vulnerability. If immediate updating is not possible, consider restricting access to subscriber-level accounts or temporarily disabling the plugin (NVD).