Infinitewp Client@* Security Vulnerabilities and Issues — Infinitewp Client@* CVE List

Lucene search

RevmakxInfinitewp Client*

4 matches found

CVE•added 2020/02/06 5:15 p.m.•109 views

CVE-2020-8772

The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.

9.8CVSS9.4AI score0.93221EPSS

CVE•added 2023/08/15 9:15 a.m.•68 views

CVE-2023-2916

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. I...

7.5CVSS5.5AI score0.29501EPSS

CVE•added 2024/02/29 1:42 a.m.•61 views

CVE-2023-6565

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET request...

5.9CVSS6.7AI score0.00913EPSS

CVE•added 2025/01/08 6:15 a.m.•41 views

CVE-2024-10585

The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory.

5.3CVSS5.2AI score0.00202EPSS