VYPR
Vendor

Infinitewp

Products
2
CVEs
4
Across products
7
Status
Private

Products

2

Recent CVEs

4
  • CVE-2020-28642CriNov 16, 2020
    risk 0.64cvss 9.8epss 0.03

    In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.

  • CVE-2014-9521Jan 5, 2015
    risk 0.00cvss epss 0.02

    Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to…

  • CVE-2014-9520Jan 5, 2015
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter.

  • CVE-2014-9519Jan 5, 2015
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter.