Unrated severityNVD Advisory· Published Jan 8, 2025· Updated Apr 8, 2026
InfiniteWP Client <= 1.13.0 - Unauthenticated Limited Directory Traversal to Arbitrary .txt File Reading
CVE-2024-10585
Description
The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=1.13.0
- Range: 0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.