9.5 High
AI Score
Confidence
High
0.968 High
EPSS
Percentile
99.7%
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.
wpvulndb.com/vulnerabilities/10011
www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/