2 matches found
CVE-2024-11496
CVE-2024-11496 : Infility Global plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in infility_global_ajax (all versions ≤ 2.9.8). Authenticated users with Subscriber+ access can update plugin options, potentially breaking the site. Wordfence l...
CVE-2024-12290
CVE-2024-12290: Infility Global WordPress plugin allows unauthenticated Reflected XSS via the set_type parameter in all versions up to 2.9.8; exploit injects script into pages executed when a user clicks a link. Patch status in connected docs indicates a fix has been applied.