Lucene search
+L

102 matches found

vulnrichment
vulnrichment
added 2025/01/08 5:19 a.m.11 views

CVE-2024-10585 InfiniteWP Client <= 1.13.0 - Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading

The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the /debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory...

5.3CVSS6.8AI score0.00639EPSS
Exploits0References3
cve
cve
added 2025/01/08 5:19 a.m.97 views

CVE-2024-10585

CVE-2024-10585 affects the InfiniteWP Client plugin for WordPress. The vulnerability is a path traversal issue in all versions up to and including 1.13.0, exploitable via the historyID parameter of the “~/debug-chart/index.php” file, enabling unauthenticated reading of arbitrary .txt files outsid...

5.3CVSS5.2AI score0.00639EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2025/01/08 5:19 a.m.40 views

CVE-2024-10585 InfiniteWP Client <= 1.13.0 - Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading

The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the /debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory...

5.3CVSS0.00639EPSS
Exploits0References3
cnnvd
cnnvd
added 2025/01/08 12:0 a.m.6 views

WordPress plugin InfiniteWP Client 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

5.3CVSS8.3AI score0.00639EPSS
Exploits0References4
patchstack
patchstack
added 2025/01/07 7:36 p.m.9 views

WordPress InfiniteWP Client plugin <= 1.13.0 - Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading vulnerability

Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading vulnerability discovered by villu164 in WordPress Plugin InfiniteWP Client versions = 1.13.0...

5.3CVSS7AI score0.00639EPSS
Exploits0References1Affected Software1
osv
osv
added 2024/02/29 1:42 a.m.4 views

CVE-2023-6565

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...

5.9CVSS7.3AI score0.00642EPSS
Exploits0References2
nvd
nvd
added 2024/02/29 1:42 a.m.31 views

CVE-2023-6565

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...

5.9CVSS5.9AI score0.00642EPSS
Exploits0References2
prion
prion
added 2024/02/29 1:42 a.m.34 views

Design/Logic Flaw

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...

2.6CVSS7.8AI score0.00642EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/02/29 12:0 a.m.6 views

WordPress Plugin InfiniteWP Client plugin for WordPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

5.9CVSS6.3AI score0.00642EPSS
Exploits0References3
cve
cve
added 2024/02/20 6:56 p.m.75 views

CVE-2023-6565

The CVE-2023-6565 issue affects the InfiniteWP Client WordPress plugin (versions

5.9CVSS6.7AI score0.00642EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2024/02/20 6:56 p.m.14 views

CVE-2023-6565 InfiniteWP Client <= 1.12.3 - Unauthenticated Sensitive Information Exposure

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...

5.9CVSS6.8AI score0.00642EPSS
Exploits0References2
cvelist
cvelist
added 2024/02/20 6:56 p.m.33 views

CVE-2023-6565 InfiniteWP Client <= 1.12.3 - Unauthenticated Sensitive Information Exposure

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...

5.9CVSS6.1AI score0.00642EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/02/20 12:0 a.m.7 views

PT-2024-15009 · WordPress · Infinitewp Client

Name of the Vulnerable Software and Affected Versions: InfiniteWP Client plugin for WordPress versions up to, and including, 1.12.3 Description: The issue allows unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET requests during the limited time window ...

5.9CVSS9.8AI score0.00642EPSS
Exploits0References6
patchstack
patchstack
added 2024/02/12 12:0 a.m.11 views

WordPress InfiniteWP Client Plugin <= 1.12.3 is vulnerable to Sensitive Data Exposure

Software InfiniteWP Client Type Plugin Vulnerable versions = 1.12.3 Fixed in 1.12.3.1 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-6565 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 133bb5df9f72 Credits Christian Angel...

5.9CVSS6.5AI score0.00642EPSS
Exploits0References3Affected Software1
wpvulndb
wpvulndb
added 2024/02/09 12:0 a.m.16 views

InfiniteWP Client < 1.12.3.1 - Unauthenticated Sensitive Information Exposure

Description The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeat...

5.9CVSS7.5AI score0.00642EPSS
Exploits0References1Affected Software1
openvas
openvas
added 2023/08/22 12:0 a.m.25 views

WordPress InfiniteWP Client Plugin < 1.9.4.5 Authentication Bypass Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:revmakx:infinitewpclient"; ifdescription...

9.8CVSS9.6AI score0.8787EPSS
Exploits2References1
openvas
openvas
added 2023/08/16 12:0 a.m.23 views

WordPress InfiniteWP Client Plugin < 1.12.1 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:revmakx:infinitewpclient"; ifdescription...

7.5CVSS7AI score0.20888EPSS
Exploits2References1
githubexploit
githubexploit
added 2023/08/15 1:51 p.m.671 views

Exploit for Exposure of Resource to Wrong Sphere in Revmakx Infinitewp_Client

CVE-2023-2916 CVE-2023-2916 PoC The InfiniteWP Client plugin f...

7.5CVSS5.7AI score0.20888EPSS
Exploits2
osv
osv
added 2023/08/15 9:15 a.m.6 views

CVE-2023-2916

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...

5.3CVSS5.7AI score0.20888EPSS
Exploits2References3
nvd
nvd
added 2023/08/15 9:15 a.m.25 views

CVE-2023-2916

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...

7.5CVSS7.4AI score0.20888EPSS
Exploits2References3
Rows per page
Query Builder