CVE-2023-4242
published 2023-08-09CVE-2023-4242: The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to…
PriorityP420medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
0.43%
34.6th percentile
The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| full | full_customer | <= 2.2.3 | — |
| fullservices | full_cliente | <= 2.2.3 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET SCADA Rockwell RNA Message Large Header Length - 8Kb
suricata·2011-09-30
ET SCADA Rockwell RNA Message Large Header Length - 8Kb
ET SCADA Rockwell RNA Message Large Header Length - 8Kb
Rule: alert tcp any !443 -> $HOME_NET [1330,1331,1332,4241,4242,4445,4446,5241,6543,9111,60093,49281] (msg:"ET SCADA Rockwell RNA Message Large Header Length - 8Kb"; flow:established,to_server; content:"rna|f2|"; startswith; fast_pattern; byte_test:4,>,0x2000,0,relative,little; classtype:attempted-dos; sid:2049795; rev:5; metadata:attack_target ICS, created_at 2011_09_30, cve CVE_2011_3489, deployment Internal, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_12_27, reviewed_at 2024_03_06, former_sid 2803783; target:dest_ip;)
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/full-customer/tags/1.1.0/app/api/Health.phphttps://plugins.trac.wordpress.org/browser/full-customer/tags/2.3/app/api/Controller.php?rev=2951561https://www.wordfence.com/threat-intel/vulnerabilities/id/a77d0fb5-8829-407d-a40a-169cf0c5f837?source=cvehttps://plugins.trac.wordpress.org/browser/full-customer/tags/1.1.0/app/api/Health.phphttps://www.wordfence.com/threat-intel/vulnerabilities/id/a77d0fb5-8829-407d-a40a-169cf0c5f837?source=cve
2023-08-09
Published