Lucene search
K

WordPress InfiniteWP Client Plugin < 1.9.4.5 Authentication Bypass Vulnerability

🗓️ 22 Aug 2023 00:00:00Reported by Copyright (C) 2023 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 14 Views

WordPress InfiniteWP Client Plugin < 1.9.4.5 Authentication Bypass Vulnerability. Plugin prone to authentication bypass

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2020-8772
10 Feb 202011:42
circl
CVE
CVE-2020-8772
6 Feb 202016:27
cve
Cvelist
CVE-2020-8772
6 Feb 202016:27
cvelist
Nuclei
WordPress InfiniteWP <1.9.4.5 - Authorization Bypass
7 Jul 202616:50
nuclei
NVD
CVE-2020-8772
6 Feb 202017:15
nvd
OSV
CVE-2020-8772
6 Feb 202017:15
osv
Prion
Authorization
6 Feb 202017:15
prion
Positive Technologies
PT-2020-20264
6 Feb 202000:00
ptsecurity
RedhatCVE
CVE-2020-8772
22 May 202516:52
redhatcve
wpexploit
InfiniteWP Client < 1.9.4.5 - Authentication Bypass
14 Jan 202000:00
wpexploit
Rows per page
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:revmakx:infinitewp_client";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.126464");
  script_version("2023-10-13T16:09:03+0000");
  script_tag(name:"last_modification", value:"2023-10-13 16:09:03 +0000 (Fri, 13 Oct 2023)");
  script_tag(name:"creation_date", value:"2023-08-22 09:03:12 +0000 (Tue, 22 Aug 2023)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-02-11 20:05:00 +0000 (Tue, 11 Feb 2020)");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_cve_id("CVE-2020-8772");

  script_name("WordPress InfiniteWP Client Plugin < 1.9.4.5 Authentication Bypass Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_wordpress_plugin_http_detect.nasl");
  script_mandatory_keys("wordpress/plugin/iwp-client/detected");

  script_tag(name:"summary", value:"The WordPress plugin 'InfiniteWP Client' is prone to an
  authentication bypass vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"A missing authorization check in iwp_mmb_set_request in
  init.php. Any attacker who knows the username of an administrator can log in.");

  script_tag(name:"affected", value:"WordPress InfiniteWP Client plugin prior to version 1.9.4.5.");

  script_tag(name:"solution", value:"Update to version 1.9.4.5 or later.");

  script_xref(name:"URL", value:"https://wpscan.com/vulnerability/10011");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! port = get_app_port( cpe: CPE ) )
  exit( 0 );

if( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )
  exit( 0 );

version = infos["version"];
location = infos["location"];

if( version_is_less( version: version, test_version: "1.9.4.5" ) ) {
  report = report_fixed_ver( installed_version: version, fixed_version: "1.9.4.5", install_path: location );
  security_message( port: port, data: report );
  exit( 0 );
}

exit( 99 );

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

13 Oct 2023 00:00Current
9.6High risk
Vulners AI Score9.6
CVSS 27.5
CVSS 3.19.8
EPSS0.8787
14