Skip to main content

Infinitewp

4 CVEs product

Monthly

CVE-2020-28642 CRITICAL Act Now

In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Infinitewp
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2014-9521 HIGH This Week

Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection File Upload Infinitewp
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2014-9520 HIGH This Week

SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Infinitewp
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-9519 HIGH This Week

SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Infinitewp
NVD
CVSS 2.0
7.5
EPSS
0.3%
EPSS 3% CVSS 9.8
CRITICAL Act Now

In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Infinitewp
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Infinitewp
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Infinitewp
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy