4 matches found
WordPress InfiniteWP <1.9.4.5 - Authorization Bypass
WordPress InfiniteWP plugin before 1.9.4.5 for WordPress contains an authorization bypass vulnerability via a missing authorization check in iwpmmbsetrequest in init.php. An attacker who knows the username of an administrator can log in, thereby making it possible to obtain sensitive information,...
CVE-2020-8772
creationtimestamp| type| source ---|---|--- 2020-02-10 11:42:10+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wpinfinitewpauthbypass.rb 2025-10-23 21:12:59+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
CVE-2020-8772
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwpmmbsetrequest in init.php. Any attacker who knows the username of an administrator can log in...
CVE-2020-8772
The CVE-2020-8772 entry concerns the WordPress InfiniteWP Client plugin prior to 1.9.4.5, which contains a missing authorization check in iwp_mmb_set_request (init.php). Exploitation allows an attacker who knows an administrator’s username to log in as that user, enabling access to sensitive info...