3 matches found
CVE-2024-11496
CVE-2024-11496 : Infility Global plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in infility_global_ajax (all versions ≤ 2.9.8). Authenticated users with Subscriber+ access can update plugin options, potentially breaking the site. Wordfence l...
CVE-2024-12723
CVE-2024-12723 affects the WordPress plugin Infility Global up to version 2.9.8. The root cause is failure to sanitize and escape a parameter before outputting it on the page, producing a Reflected XSS vulnerability. Impact is described as potentially affecting high-privilege users such as admins...
CVE-2024-12290
CVE-2024-12290: Infility Global WordPress plugin allows unauthenticated Reflected XSS via the set_type parameter in all versions up to 2.9.8; exploit injects script into pages executed when a user clicks a link. Patch status in connected docs indicates a fix has been applied.