wpexploit · Dave · WPEX-ID:FAC62D36-0FA1-4B43-8F5C-BDDBD0CFF140
Jan 14, 2020 - 12:00 a.m.

InfiniteWP Client < 1.9.4.5 - Authentication Bypass

EPSS: 0.968 (High), percentile 99.7%

As per agreement between the researcher and developer, details will be released on January 14th.

It is possible to log in as any administrator on the site due to logic errors in the code.

The issue resides in the function iwp_mmb_set_request, which is located in the init.php file. The function checks whether the request_params array of the core class is not empty. That array is set only in another function, and only when the payload meets certain conditions (in this scenario, readd_site and add_site are the only actions that do not have an authorization check, which is why this issue exists). Once the payload meets these conditions, the supplied username parameter is used to log the requester in as that user without performing any further authentication.
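The control flow described above, reduced to a stand-alone model and set beside a hardened form. This is an added example, not the plugin's code and not the vendor's fix: the payload keys (action, username, signature), the HMAC scheme, the shared key and the function names other than the two action names are assumptions made for illustration.

```php
<?php
// Simplified model of the logic flaw; NOT taken from the InfiniteWP Client source.
// Payload keys and the HMAC signature scheme are assumptions for illustration.

const UNSIGNED_ACTIONS = ['add_site', 'readd_site']; // the two actions named in the advisory

function signature_ok(array $payload, string $key): bool {
    $msg = ($payload['action'] ?? '') . '|' . ($payload['username'] ?? '');
    $expected = hash_hmac('sha256', $msg, $key);
    return hash_equals($expected, (string)($payload['signature'] ?? ''));
}

// Flawed flow: request_params is populated for the two actions that skip
// authorization, and the later login step only asks "is it non-empty?".
function flawed_login_user(array $payload, string $key): ?string {
    $request_params = [];
    $action = $payload['action'] ?? '';
    if (in_array($action, UNSIGNED_ACTIONS, true) || signature_ok($payload, $key)) {
        $request_params = $payload;
    }
    // Models the non-empty check in iwp_mmb_set_request: no record of
    // whether the request was ever authorized survives to this point.
    return !empty($request_params) ? ($request_params['username'] ?? null) : null;
}

// Hardened flow: the login decision depends on a verified signature for
// every action. An unsigned add_site/readd_site may still be handled
// elsewhere, but it never results in a user session.
function hardened_login_user(array $payload, string $key): ?string {
    if (!signature_ok($payload, $key)) {
        return null;
    }
    return $payload['username'] ?? null;
}

// Constructed sample input.
$key = 'constructed-shared-key';
$unsigned = ['action' => 'add_site', 'username' => 'admin'];
$signed = $unsigned + ['signature' => hash_hmac('sha256', 'add_site|admin', $key)];

var_dump(flawed_login_user($unsigned, $key));   // unsigned request, flawed flow
var_dump(hardened_login_user($unsigned, $key)); // unsigned request, hardened flow
var_dump(hardened_login_user($signed, $key));   // signed request, hardened flow
```

The point for code review is that "state was populated" is not evidence of authorization; the login step should consume an explicit, verified authorization result.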
