CVSS 3.1 Score 8.8 of 10 (high)


Published Aug 9, 2023
Updated: Nov 7, 2023
CWE ID 434


CVE-2023-4243 is a vulnerable plugin called FULL - Customer for WordPress, which allows authenticated attackers with subscriber-level permissions and above to upload arbitrary files onto the site. The vulnerability exists in versions up to and including 2.2.3 of the plugin due to improper authorization. This can be exploited by installing plugins from remote locations, including non-repository sources, as long as they are packaged as valid WordPress plugins. The vulnerability has a risk score of 66 and a base severity rating of high. It affects multiple products within the t0OPF range and poses a potential danger to organizations as it could lead to the execution of malicious code on the affected WordPress sites.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-4243 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options