VYPR

Full Customer

by Full

CVEs (3)

  • CVE-2023-4243HigAug 9, 2023
    risk 0.57cvss 8.8epss 0.01

    The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute…

  • CVE-2024-54313MedDec 13, 2024
    risk 0.42cvss 6.5epss 0.01

    Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25.

  • CVE-2023-4242MedAug 9, 2023
    risk 0.28cvss 4.3epss 0.00

    The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive…