Lucene search
+L

102 matches found

exploitdb
exploitdb
added 2020/02/11 12:0 a.m.156 views

WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress InfiniteWP Client Authentication Bypass', 'Description' = %q This module exploits an authentication bypass in the WordPress InfiniteWP...

7.4AI score
Exploits0
circl
circl
added 2020/02/10 11:42 a.m.5 views

CVE-2020-8772

creationtimestamp| type| source ---|---|--- 2020-02-10 11:42:10+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wpinfinitewpauthbypass.rb 2025-10-23 21:12:59+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

9.8CVSS9AI score0.8787EPSS
Exploits2References1
packetstorm
packetstorm
added 2020/02/10 12:0 a.m.92 views

WordPress InfiniteWP Client Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress InfiniteWP Client Authentication Bypass', 'Description' = %q This module exploits an authentication bypass in the WordPress InfiniteWP...

0.4AI score
Exploits0
osv
osv
added 2020/02/06 5:15 p.m.5 views

CVE-2020-8772

The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwpmmbsetrequest in init.php. Any attacker who knows the username of an administrator can log in...

9.8CVSS7.3AI score0.8787EPSS
Exploits2References2
nvd
nvd
added 2020/02/06 5:15 p.m.17 views

CVE-2020-8772

The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwpmmbsetrequest in init.php. Any attacker who knows the username of an administrator can log in...

9.8CVSS9.5AI score0.8787EPSS
Exploits2References2
prion
prion
added 2020/02/06 5:15 p.m.15 views

Authorization

The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwpmmbsetrequest in init.php. Any attacker who knows the username of an administrator can log in...

7.5CVSS9.4AI score0.8787EPSS
Exploits2References2Affected Software1
cve
cve
added 2020/02/06 4:27 p.m.189 views

CVE-2020-8772

The CVE-2020-8772 entry concerns the WordPress InfiniteWP Client plugin prior to 1.9.4.5, which contains a missing authorization check in iwp_mmb_set_request (init.php). Exploitation allows an attacker who knows an administrator’s username to log in as that user, enabling access to sensitive info...

9.8CVSS9.4AI score0.8787EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 2020/02/06 4:27 p.m.23 views

CVE-2020-8772

The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwpmmbsetrequest in init.php. Any attacker who knows the username of an administrator can log in...

9.5AI score0.8787EPSS
Exploits2References2
ptsecurity
ptsecurity
added 2020/02/06 12:0 a.m.8 views

PT-2020-20264

Name of the Vulnerable Software and Affected Versions: InfiniteWP Client plugin versions prior to 1.9.4.5 Description: The InfiniteWP Client plugin for WordPress has a missing authorization check in the iwp mmb set request function within the init.php file. An attacker who knows an administrator'...

9.8CVSS8.8AI score0.8787EPSS
Exploits2References5
threatpost
threatpost
added 2020/01/30 9:49 p.m.67 views

200K WordPress Sites Vulnerable to Plugin Flaw

A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover. The WordPress plugin in question in Code Snippets, which allows users to run small chunks of PHP code on their websites. This can be used to extend the functionality of the...

6.8CVSS0.7AI score0.11905EPSS
Exploits2References6
nessus
nessus
added 2020/01/25 12:0 a.m.10 views

InfiniteWP Client Plugin for WordPress < 1.9.4.5 Authentication Bypass

The WordPress InfiniteWP Client Plugin installed on the remote host is affected by an authentication bypass vulnerability due to logical error. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

7.6AI score
Exploits0References2
metasploit
metasploit
added 2020/01/18 2:12 a.m.94 views

WordPress InfiniteWP Client Authentication Bypass

This module exploits an authentication bypass in the WordPress InfiniteWP Client plugin to log in as an administrator and execute arbitrary PHP code by overwriting the file specified by PLUGINFILE. The module will attempt to retrieve the original PLUGINFILE contents and restore them after payload...

8.4AI score
Exploits0
packetstorm
packetstorm
added 2020/01/17 12:0 a.m.137 views

WordPress InfiniteWP Client Authentication Bypass

Exploit Title: Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Date: 2020-1-16 Exploit Author: Raphael Karger Vendor Homepage: https://infinitewp.com/ Version: InfiniteWP Client 1.9.4.5 !/usr/bin/python3 import requests import json import argparse import base64 import json impo...

0.4AI score
Exploits0
zdt
zdt
added 2020/01/17 12:0 a.m.146 views

Wordpress InfiniteWP Client Plugin 1.9.4.5 - Authentication Bypass Exploit

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Exploit Author: Raphael Karger Vendor Homepage: https://infinitewp.com/ Version: InfiniteWP Client 1.9.4.5 !/usr/bin/python3 import requests import json import...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2020/01/17 12:0 a.m.23 views

Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass

Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Exploit Title: Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Date: 2020-1-16 Exploit Author: Raphael Karger Vendor Homepage: https://infinitewp.com/ Version: InfiniteWP Client 1.9.4.5 !/usr/bin/python3 import...

0.4AI score
Exploits0
exploitdb
exploitdb
added 2020/01/17 12:0 a.m.169 views

WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass

Exploit Title: Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Date: 2020-01-16 Exploit Author: B. Canavate Vendor Homepage: https://wptimecapsule.com/ Software Link: https://wptimecapsule.com/ Version: Wordpress Time Capsule Plugin 1.21.16 Tested on: LAMP stack with most recent...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2020/01/17 12:0 a.m.179 views

WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass

Exploit Title: Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Date: 2020-1-16 Exploit Author: Raphael Karger Vendor Homepage: https://infinitewp.com/ Version: InfiniteWP Client 1.9.4.5 !/usr/bin/python3 import requests import json import argparse import base64 import json impo...

7.4AI score
Exploits0
threatpost
threatpost
added 2020/01/15 9:19 p.m.69 views

Critical WordPress Bug Leaves 320,000 Sites Open to Attack

Two WordPress plugins, InfiniteWP Client and WP Time Capsule, suffer from the same critical authorization bypass bug that allows adversaries to access a site’s backend with no password. All an attacker needs is the admin username for the WordPress plugins and they are in, according to researchers...

7.5AI score
Exploits0References8
wpexploit
wpexploit
added 2020/01/14 12:0 a.m.50 views

InfiniteWP Client < 1.9.4.5 - Authentication Bypass

As per agreement between the researcher and developer, details will be released on January 14th. It is possible to login as any administrator on the site due to logical mistakes in the code. The issue resides in the function iwpmmbsetrequest which is located in the init.php file. This checks if t...

7.5CVSS0.4AI score0.8787EPSS
Exploits2References3
patchstack
patchstack
added 2020/01/08 12:0 a.m.15 views

WordPress InfiniteWP Client plugin <= 1.9.4.4 - Authentication Bypass vulnerability

Authentication Bypass vulnerability found by WebARX in WordPress InfiniteWP Client plugin versions = 1.9.4.4. Solution Update the WordPress InfiniteWP Client plugin to the latest available version at least 1.9.4.5...

3.4AI score
Exploits0References1Affected Software1
Rows per page
Query Builder