102 matches found
CVE-2024-10585 InfiniteWP Client <= 1.13.0 - Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading
The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the /debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory...
CVE-2024-10585
CVE-2024-10585 affects the InfiniteWP Client plugin for WordPress. The vulnerability is a path traversal issue in all versions up to and including 1.13.0, exploitable via the historyID parameter of the “~/debug-chart/index.php” file, enabling unauthenticated reading of arbitrary .txt files outsid...
CVE-2024-10585 InfiniteWP Client <= 1.13.0 - Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading
The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the /debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory...
WordPress plugin InfiniteWP Client 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
WordPress InfiniteWP Client plugin <= 1.13.0 - Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading vulnerability
Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading vulnerability discovered by villu164 in WordPress Plugin InfiniteWP Client versions = 1.13.0...
CVE-2023-6565
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...
CVE-2023-6565
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...
Design/Logic Flaw
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...
WordPress Plugin InfiniteWP Client plugin for WordPress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2023-6565
The CVE-2023-6565 issue affects the InfiniteWP Client WordPress plugin (versions
CVE-2023-6565 InfiniteWP Client <= 1.12.3 - Unauthenticated Sensitive Information Exposure
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...
CVE-2023-6565 InfiniteWP Client <= 1.12.3 - Unauthenticated Sensitive Information Exposure
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...
PT-2024-15009 · WordPress · Infinitewp Client
Name of the Vulnerable Software and Affected Versions: InfiniteWP Client plugin for WordPress versions up to, and including, 1.12.3 Description: The issue allows unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET requests during the limited time window ...
WordPress InfiniteWP Client Plugin <= 1.12.3 is vulnerable to Sensitive Data Exposure
Software InfiniteWP Client Type Plugin Vulnerable versions = 1.12.3 Fixed in 1.12.3.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6565 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 133bb5df9f72 Credits Christian Angel...
InfiniteWP Client < 1.12.3.1 - Unauthenticated Sensitive Information Exposure
Description The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeat...
WordPress InfiniteWP Client Plugin < 1.9.4.5 Authentication Bypass Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:revmakx:infinitewpclient"; ifdescription...
WordPress InfiniteWP Client Plugin < 1.12.1 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:revmakx:infinitewpclient"; ifdescription...
Exploit for Exposure of Resource to Wrong Sphere in Revmakx Infinitewp_Client
CVE-2023-2916 CVE-2023-2916 PoC The InfiniteWP Client plugin f...
CVE-2023-2916
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...
CVE-2023-2916
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...