102 matches found
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress InfiniteWP Client Authentication Bypass', 'Description' = %q This module exploits an authentication bypass in the WordPress InfiniteWP...
CVE-2020-8772
creationtimestamp| type| source ---|---|--- 2020-02-10 11:42:10+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wpinfinitewpauthbypass.rb 2025-10-23 21:12:59+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
WordPress InfiniteWP Client Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress InfiniteWP Client Authentication Bypass', 'Description' = %q This module exploits an authentication bypass in the WordPress InfiniteWP...
CVE-2020-8772
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwpmmbsetrequest in init.php. Any attacker who knows the username of an administrator can log in...
CVE-2020-8772
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwpmmbsetrequest in init.php. Any attacker who knows the username of an administrator can log in...
Authorization
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwpmmbsetrequest in init.php. Any attacker who knows the username of an administrator can log in...
CVE-2020-8772
The CVE-2020-8772 entry concerns the WordPress InfiniteWP Client plugin prior to 1.9.4.5, which contains a missing authorization check in iwp_mmb_set_request (init.php). Exploitation allows an attacker who knows an administrator’s username to log in as that user, enabling access to sensitive info...
CVE-2020-8772
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwpmmbsetrequest in init.php. Any attacker who knows the username of an administrator can log in...
PT-2020-20264
Name of the Vulnerable Software and Affected Versions: InfiniteWP Client plugin versions prior to 1.9.4.5 Description: The InfiniteWP Client plugin for WordPress has a missing authorization check in the iwp mmb set request function within the init.php file. An attacker who knows an administrator'...
200K WordPress Sites Vulnerable to Plugin Flaw
A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover. The WordPress plugin in question in Code Snippets, which allows users to run small chunks of PHP code on their websites. This can be used to extend the functionality of the...
InfiniteWP Client Plugin for WordPress < 1.9.4.5 Authentication Bypass
The WordPress InfiniteWP Client Plugin installed on the remote host is affected by an authentication bypass vulnerability due to logical error. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
WordPress InfiniteWP Client Authentication Bypass
This module exploits an authentication bypass in the WordPress InfiniteWP Client plugin to log in as an administrator and execute arbitrary PHP code by overwriting the file specified by PLUGINFILE. The module will attempt to retrieve the original PLUGINFILE contents and restore them after payload...
WordPress InfiniteWP Client Authentication Bypass
Exploit Title: Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Date: 2020-1-16 Exploit Author: Raphael Karger Vendor Homepage: https://infinitewp.com/ Version: InfiniteWP Client 1.9.4.5 !/usr/bin/python3 import requests import json import argparse import base64 import json impo...
Wordpress InfiniteWP Client Plugin 1.9.4.5 - Authentication Bypass Exploit
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Exploit Author: Raphael Karger Vendor Homepage: https://infinitewp.com/ Version: InfiniteWP Client 1.9.4.5 !/usr/bin/python3 import requests import json import...
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Exploit Title: Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Date: 2020-1-16 Exploit Author: Raphael Karger Vendor Homepage: https://infinitewp.com/ Version: InfiniteWP Client 1.9.4.5 !/usr/bin/python3 import...
WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass
Exploit Title: Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Date: 2020-01-16 Exploit Author: B. Canavate Vendor Homepage: https://wptimecapsule.com/ Software Link: https://wptimecapsule.com/ Version: Wordpress Time Capsule Plugin 1.21.16 Tested on: LAMP stack with most recent...
WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
Exploit Title: Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Date: 2020-1-16 Exploit Author: Raphael Karger Vendor Homepage: https://infinitewp.com/ Version: InfiniteWP Client 1.9.4.5 !/usr/bin/python3 import requests import json import argparse import base64 import json impo...
Critical WordPress Bug Leaves 320,000 Sites Open to Attack
Two WordPress plugins, InfiniteWP Client and WP Time Capsule, suffer from the same critical authorization bypass bug that allows adversaries to access a site’s backend with no password. All an attacker needs is the admin username for the WordPress plugins and they are in, according to researchers...
InfiniteWP Client < 1.9.4.5 - Authentication Bypass
As per agreement between the researcher and developer, details will be released on January 14th. It is possible to login as any administrator on the site due to logical mistakes in the code. The issue resides in the function iwpmmbsetrequest which is located in the init.php file. This checks if t...
WordPress InfiniteWP Client plugin <= 1.9.4.4 - Authentication Bypass vulnerability
Authentication Bypass vulnerability found by WebARX in WordPress InfiniteWP Client plugin versions = 1.9.4.4. Solution Update the WordPress InfiniteWP Client plugin to the latest available version at least 1.9.4.5...