Lucene search
K

4 matches found

Nuclei
Nuclei
added yesterday77 views

WordPress InfiniteWP <1.9.4.5 - Authorization Bypass

WordPress InfiniteWP plugin before 1.9.4.5 for WordPress contains an authorization bypass vulnerability via a missing authorization check in iwpmmbsetrequest in init.php. An attacker who knows the username of an administrator can log in, thereby making it possible to obtain sensitive information,...

9.8CVSS7.2AI score0.8787EPSS
Exploits2References5
Circl
Circl
added 2020/02/10 11:42 a.m.4 views

CVE-2020-8772

creationtimestamp| type| source ---|---|--- 2020-02-10 11:42:10+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wpinfinitewpauthbypass.rb 2025-10-23 21:12:59+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

9.8CVSS9AI score0.8787EPSS
Exploits2References1
OSV
OSV
added 2020/02/06 5:15 p.m.5 views

CVE-2020-8772

The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwpmmbsetrequest in init.php. Any attacker who knows the username of an administrator can log in...

9.8CVSS7.3AI score0.8787EPSS
Exploits2References2
CVE
CVE
added 2020/02/06 4:27 p.m.187 views

CVE-2020-8772

The CVE-2020-8772 entry concerns the WordPress InfiniteWP Client plugin prior to 1.9.4.5, which contains a missing authorization check in iwp_mmb_set_request (init.php). Exploitation allows an attacker who knows an administrator’s username to log in as that user, enabling access to sensitive info...

9.8CVSS9.4AI score0.8787EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder