Skip to main content

Infinitewp Client

4 CVEs product

Monthly

CVE-2024-10585 MEDIUM PATCH This Month

The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP WordPress Path Traversal Infinitewp Client
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-6565 MEDIUM PATCH This Month

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

WordPress Information Disclosure Infinitewp Client
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2023-2916 HIGH POC PATCH THREAT Act Now

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.5%.

Information Disclosure WordPress Infinitewp Client
NVD VulDB
CVSS 3.1
7.5
EPSS
29.5%
CVE-2020-8772 CRITICAL POC THREAT Emergency

The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP Infinitewp Client
NVD
CVSS 3.1
9.8
EPSS
87.9%
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP WordPress Path Traversal +1
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

WordPress Information Disclosure Infinitewp Client
NVD
EPSS 30% CVSS 7.5
HIGH POC PATCH THREAT Act Now

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.5%.

Information Disclosure WordPress Infinitewp Client
NVD VulDB
EPSS 88% CVSS 9.8
CRITICAL POC THREAT Emergency

The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy