Lucene search
K

102 matches found

OSV
OSV
added 2023/08/15 9:15 a.m.5 views

CVE-2023-2916

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...

5.3CVSS5.7AI score0.20888EPSS
Exploits2References3
Prion
Prion
added 2023/08/15 9:15 a.m.18 views

Privilege escalation

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...

2.1CVSS5.5AI score0.20888EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2023/08/15 8:32 a.m.89 views

CVE-2023-2916

Affected software : WordPress InfiniteWP Client Plugin for WordPress (

7.5CVSS5.5AI score0.20888EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2023/08/15 8:32 a.m.35 views

CVE-2023-2916 InfiniteWP Client <= 1.11.1 - Authenticated (Subscriber+) Sensitive Information Exposure

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...

7.5CVSS7.6AI score0.20888EPSS
Exploits2References3
Patchstack
Patchstack
added 2023/08/15 12:0 a.m.16 views

WordPress InfiniteWP Client Plugin <= 1.11.1 is vulnerable to Sensitive Data Exposure

Software InfiniteWP Client Type Plugin Vulnerable versions = 1.11.1 Fixed in 1.12.1 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2023-2916 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 88e39a11f14f Credits Lana Codes Required...

7.5CVSS6.5AI score0.20888EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/15 12:0 a.m.7 views

PT-2023-22177 · WordPress · Infinitewp Client

Name of the Vulnerable Software and Affected Versions: InfiniteWP Client plugin for WordPress versions up to, and including, 1.11.1 Description: The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure via the admin notice function. This can allow authenticated...

7.5CVSS6.6AI score0.20888EPSS
Exploits2References10
CNNVD
CNNVD
added 2023/08/15 12:0 a.m.7 views

WordPress Plugin InfiniteWP Client Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure vulnerabilit...

7.5CVSS6.3AI score0.20888EPSS
Exploits2References4
OSV
OSV
added 2022/07/23 7:15 a.m.6 views

CVE-2016-15004

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...

9.8CVSS5.5AI score0.01346EPSS
Exploits1References3
NVD
NVD
added 2022/07/23 7:15 a.m.15 views

CVE-2016-15004

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...

9.8CVSS0.01346EPSS
Exploits1References3
Prion
Prion
added 2022/07/23 7:15 a.m.23 views

Design/Logic Flaw

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...

7.5CVSS7.7AI score0.01346EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/07/23 6:45 a.m.9 views

CVE-2016-15004 InfiniteWP Client Plugin injection

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...

7.3CVSS7.3AI score0.01346EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/07/23 6:45 a.m.19 views

CVE-2016-15004 InfiniteWP Client Plugin injection

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...

7.3CVSS9.8AI score0.01346EPSS
Exploits1References3
CVE
CVE
added 2022/07/23 6:45 a.m.54 views

CVE-2016-15004

CVE-2016-15004 affects InfiniteWP Client Plugin for WordPress (versions around 1.5.1.3/1.6.0). The vulnerability type is an injection caused by an unknown faulty functionality, permitting a remote attack. Supported by connected documents, the issue is addressed by upgrading to version 1.6.1.1. Ex...

9.8CVSS8.8AI score0.01346EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/07/23 12:0 a.m.5 views

Revmakx InfiniteWP Client Plugin 注入漏洞

Revmakx InfiniteWP Client Plugin is a self-hosted system from Revmakx India. Allows users to manage an unlimited number of WordPress sites from their own server. An injection vulnerability exists in Revmakx InfiniteWP Client Plugin version 1.5.1.3/1.6.0, the vulnerability stems from the affected ...

9.8CVSS8.2AI score0.01346EPSS
Exploits1References4
OSV
OSV
added 2020/11/16 2:15 a.m.4 views

CVE-2020-28642

In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks...

9.8CVSS5.8AI score0.02525EPSS
Exploits0References1
NVD
NVD
added 2020/11/16 2:15 a.m.18 views

CVE-2020-28642

In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks...

9.8CVSS9.4AI score0.02525EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/11/16 1:19 a.m.20 views

CVE-2020-28642

In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks...

9.4AI score0.02525EPSS
Exploits0References1
CVE
CVE
added 2020/11/16 1:19 a.m.69 views

CVE-2020-28642

CVE-2020-28642 affects InfiniteWP Admin Panel prior to 3.1.12.3. The vulnerability stems from resetPasswordSendMail generating a weak password-reset code, enabling remote attackers to perform admin account takeover. The connected sources (NVD, Red Hat advisory, PRION, CVE lists) consistently desc...

9.8CVSS9.3AI score0.02525EPSS
Exploits0References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2020/03/11 12:0 a.m.2 views

WordPress InfiniteWP Plugin Authentication Bypass

An authentication bypass vulnerability exists in WordPress InfiniteWP plugin. This allows remote attackers to perform administrative actions without authentication...

5.8AI score
Exploits0
0day.today
0day.today
added 2020/02/11 12:0 a.m.65 views

WordPress InfiniteWP Client Authentication Bypass Exploit

This Metasploit module exploits an authentication bypass in the WordPress InfiniteWP Client plugin to log in as an administrator and execute arbitrary PHP code by overwriting the file specified by PLUGINFILE. The module will attempt to retrieve the original PLUGINFILE contents and restore them...

8AI score
Exploits0
Rows per page
Query Builder