VYPR

InfiniteWP Client

by WordPress

CVEs (3)

  • CVE-2020-8772CriFeb 6, 2020
    risk 0.74cvss 9.8epss 0.88

    The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.

  • CVE-2023-2916HigAug 15, 2023
    risk 0.43cvss 7.5epss 0.21

    The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data…

  • CVE-2023-6565MedFeb 29, 2024
    risk 0.31cvss 5.9epss 0.01

    The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via…