VYPR

Infinitewp Client

by Revmakx

CVEs (4)

  • CVE-2023-2916HigAug 15, 2023
    risk 0.44cvss 7.5epss 0.21

    The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data…

  • CVE-2023-6565MedFeb 29, 2024
    risk 0.31cvss 5.9epss 0.01

    The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via…

  • CVE-2020-8772Feb 6, 2020
    risk 0.10cvss epss 0.88

    The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.

  • CVE-2024-10585Jan 8, 2025
    risk 0.00cvss epss 0.01

    The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the…