102 matches found
CVE-2023-2916
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...
Privilege escalation
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...
CVE-2023-2916
Affected software : WordPress InfiniteWP Client Plugin for WordPress (
CVE-2023-2916 InfiniteWP Client <= 1.11.1 - Authenticated (Subscriber+) Sensitive Information Exposure
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...
WordPress InfiniteWP Client Plugin <= 1.11.1 is vulnerable to Sensitive Data Exposure
Software InfiniteWP Client Type Plugin Vulnerable versions = 1.11.1 Fixed in 1.12.1 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2023-2916 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 88e39a11f14f Credits Lana Codes Required...
PT-2023-22177 · WordPress · Infinitewp Client
Name of the Vulnerable Software and Affected Versions: InfiniteWP Client plugin for WordPress versions up to, and including, 1.11.1 Description: The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure via the admin notice function. This can allow authenticated...
WordPress Plugin InfiniteWP Client Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure vulnerabilit...
CVE-2016-15004
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...
CVE-2016-15004
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...
Design/Logic Flaw
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...
CVE-2016-15004 InfiniteWP Client Plugin injection
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...
CVE-2016-15004 InfiniteWP Client Plugin injection
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...
CVE-2016-15004
CVE-2016-15004 affects InfiniteWP Client Plugin for WordPress (versions around 1.5.1.3/1.6.0). The vulnerability type is an injection caused by an unknown faulty functionality, permitting a remote attack. Supported by connected documents, the issue is addressed by upgrading to version 1.6.1.1. Ex...
Revmakx InfiniteWP Client Plugin 注入漏洞
Revmakx InfiniteWP Client Plugin is a self-hosted system from Revmakx India. Allows users to manage an unlimited number of WordPress sites from their own server. An injection vulnerability exists in Revmakx InfiniteWP Client Plugin version 1.5.1.3/1.6.0, the vulnerability stems from the affected ...
CVE-2020-28642
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks...
CVE-2020-28642
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks...
CVE-2020-28642
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks...
CVE-2020-28642
CVE-2020-28642 affects InfiniteWP Admin Panel prior to 3.1.12.3. The vulnerability stems from resetPasswordSendMail generating a weak password-reset code, enabling remote attackers to perform admin account takeover. The connected sources (NVD, Red Hat advisory, PRION, CVE lists) consistently desc...
WordPress InfiniteWP Plugin Authentication Bypass
An authentication bypass vulnerability exists in WordPress InfiniteWP plugin. This allows remote attackers to perform administrative actions without authentication...
WordPress InfiniteWP Client Authentication Bypass Exploit
This Metasploit module exploits an authentication bypass in the WordPress InfiniteWP Client plugin to log in as an administrator and execute arbitrary PHP code by overwriting the file specified by PLUGINFILE. The module will attempt to retrieve the original PLUGINFILE contents and restore them...