Lucene search
+L

48 matches found

patchstack
patchstack
added 2024/02/12 12:0 a.m.11 views

WordPress InfiniteWP Client Plugin <= 1.12.3 is vulnerable to Sensitive Data Exposure

Software InfiniteWP Client Type Plugin Vulnerable versions = 1.12.3 Fixed in 1.12.3.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6565 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 133bb5df9f72 Credits Christian Angel...

5.9CVSS6.5AI score0.00642EPSS
Exploits0References3Affected Software1
wpvulndb
wpvulndb
added 2024/02/09 12:0 a.m.16 views

InfiniteWP Client < 1.12.3.1 - Unauthenticated Sensitive Information Exposure

Description The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeat...

5.9CVSS7.5AI score0.00642EPSS
Exploits0References1Affected Software1
openvas
openvas
added 2023/08/22 12:0 a.m.27 views

WordPress InfiniteWP Client Plugin < 1.9.4.5 Authentication Bypass Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:revmakx:infinitewpclient"; ifdescription...

9.8CVSS9.6AI score0.8787EPSS
Exploits2References1
openvas
openvas
added 2023/08/16 12:0 a.m.23 views

WordPress InfiniteWP Client Plugin < 1.12.1 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:revmakx:infinitewpclient"; ifdescription...

7.5CVSS7AI score0.20888EPSS
Exploits2References1
githubexploit
githubexploit
added 2023/08/15 1:51 p.m.671 views

Exploit for Exposure of Resource to Wrong Sphere in Revmakx Infinitewp_Client

CVE-2023-2916 CVE-2023-2916 PoC The InfiniteWP Client plugin f...

7.5CVSS5.7AI score0.20888EPSS
Exploits2
osv
osv
added 2023/08/15 9:15 a.m.7 views

CVE-2023-2916

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...

5.3CVSS5.7AI score0.20888EPSS
Exploits2References3
nvd
nvd
added 2023/08/15 9:15 a.m.25 views

CVE-2023-2916

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...

7.5CVSS7.4AI score0.20888EPSS
Exploits2References3
attackerkb
attackerkb
added 2023/08/15 9:15 a.m.2 views

CVE-2023-2916

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...

7.5CVSS6.8AI score0.20888EPSS
Exploits2References4
prion
prion
added 2023/08/15 9:15 a.m.19 views

Privilege escalation

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...

2.1CVSS5.5AI score0.20888EPSS
Exploits2References3Affected Software1
cve
cve
added 2023/08/15 8:32 a.m.89 views

CVE-2023-2916

Affected software : WordPress InfiniteWP Client Plugin for WordPress (

7.5CVSS5.5AI score0.20888EPSS
Exploits2References3Affected Software1
patchstack
patchstack
added 2023/08/15 12:0 a.m.20 views

WordPress InfiniteWP Client Plugin <= 1.11.1 is vulnerable to Sensitive Data Exposure

Software InfiniteWP Client Type Plugin Vulnerable versions = 1.11.1 Fixed in 1.12.1 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2023-2916 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 88e39a11f14f Credits Lana Codes Required...

7.5CVSS6.5AI score0.20888EPSS
Exploits2References3Affected Software1
cnnvd
cnnvd
added 2023/08/15 12:0 a.m.9 views

WordPress Plugin InfiniteWP Client Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure vulnerabilit...

7.5CVSS6.3AI score0.20888EPSS
Exploits2References4
ptsecurity
ptsecurity
added 2023/08/15 12:0 a.m.9 views

PT-2023-22177 · WordPress · Infinitewp Client

Name of the Vulnerable Software and Affected Versions: InfiniteWP Client plugin for WordPress versions up to, and including, 1.11.1 Description: The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure via the admin notice function. This can allow authenticated...

7.5CVSS6.6AI score0.20888EPSS
Exploits2References10
nvd
nvd
added 2022/07/23 7:15 a.m.15 views

CVE-2016-15004

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...

9.8CVSS0.01346EPSS
Exploits1References3
osv
osv
added 2022/07/23 7:15 a.m.8 views

CVE-2016-15004

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...

9.8CVSS5.5AI score0.01346EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2022/07/23 6:45 a.m.10 views

CVE-2016-15004 InfiniteWP Client Plugin injection

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...

7.3CVSS7.3AI score0.01346EPSS
Exploits1References3
exploitdb
exploitdb
added 2020/02/11 12:0 a.m.156 views

WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress InfiniteWP Client Authentication Bypass', 'Description' = %q This module exploits an authentication bypass in the WordPress InfiniteWP...

7.4AI score
Exploits0
zdt
zdt
added 2020/02/11 12:0 a.m.66 views

WordPress InfiniteWP Client Authentication Bypass Exploit

This Metasploit module exploits an authentication bypass in the WordPress InfiniteWP Client plugin to log in as an administrator and execute arbitrary PHP code by overwriting the file specified by PLUGINFILE. The module will attempt to retrieve the original PLUGINFILE contents and restore them...

8AI score
Exploits0
packetstorm
packetstorm
added 2020/02/10 12:0 a.m.93 views

WordPress InfiniteWP Client Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress InfiniteWP Client Authentication Bypass', 'Description' = %q This module exploits an authentication bypass in the WordPress InfiniteWP...

0.4AI score
Exploits0
osv
osv
added 2020/02/06 5:15 p.m.5 views

CVE-2020-8772

The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwpmmbsetrequest in init.php. Any attacker who knows the username of an administrator can log in...

9.8CVSS7.3AI score0.8787EPSS
Exploits2References2
Rows per page
Query Builder