Fullservices Full – Cliente
5 CVEs affecting Fullservices Full – Cliente. Latest disclosed: 2025-05-02. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-4243 | High | 8.8 | 2023-08-09 | The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due… |
CVE-2024-6447 | High | 7.2 | 2024-07-11 | The FULL – Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.1… |
CVE-2024-12023 | Medium | 6.5 | 2025-05-02 | The FULL – Cliente plugin for WordPress is vulnerable to SQL Injection via the 'formId' parameter in all versions 3.1.5 to 3.1.25 due to insufficient escaping… |
CVE-2024-9211 | Medium | 6.1 | 2024-10-11 | The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate… |
CVE-2023-4242 | Medium | 4.3 | 2023-08-09 | The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to impr… |