cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10585,https://securityvulnerability.io/vulnerability/CVE-2024-10585,Path Traversal Vulnerability in InfiniteWP Client Plugin for WordPress,"The InfiniteWP Client plugin for WordPress contains a Path Traversal vulnerability that affects all versions up to and including 1.13.0. This flaw arises from improper validation of the 'historyID' parameter in the ~/debug-chart/index.php file, allowing unauthenticated attackers to access sensitive .txt files located outside the intended directory. If exploited, this could lead to unauthorized disclosure of potentially sensitive information, highlighting the importance of updating to the latest version to safeguard against such attacks.",Wordpress,InfiniteWP Client,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,false,false,false,2025-01-08T05:19:22.264Z,0
CVE-2023-6565,https://securityvulnerability.io/vulnerability/CVE-2023-6565,Sensitive Information Exposure in InfiniteWP Client Plugin for WordPress,"The InfiniteWP Client plugin for WordPress is susceptible to a vulnerability that allows unauthorized parties to access sensitive information. This exposure occurs through the multi-call backup option, enabling attackers to exploit temporary SQL files during the backup process. By crafting repeated GET requests within a specific timeframe, attackers can potentially extract confidential data, posing significant security risks for WordPress users relying on this plugin. It is crucial for users to upgrade to a secure version to mitigate this risk.",Wordpress,InfiniteWP Client,5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-02-29T01:42:00.000Z,0
CVE-2023-2916,https://securityvulnerability.io/vulnerability/CVE-2023-2916,Sensitive Information Exposure in InfiniteWP Client Plugin for WordPress,"The InfiniteWP Client plugin for WordPress has a vulnerability that allows authenticated attackers with subscriber-level permissions or above to access sensitive information, including site configuration details. This occurs through improper handling in the 'admin_notice' function, specifically in versions up to 1.11.1 of the plugin. The exploitation requires that the plugin has not been configured. If this vulnerability is exploited in conjunction with an unchecked arbitrary plugin installation, attackers could gain remote management capabilities and may elevate their privileges, posing significant risks to site integrity and security.",Wordpress,InfiniteWP Client,7.5,HIGH,0.0012400000123307109,false,,false,false,true,true,false,false,2023-08-15T09:15:00.000Z,0
CVE-2020-8772,https://securityvulnerability.io/vulnerability/CVE-2020-8772,,The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.,Wordpress,InfiniteWP Client,9.8,CRITICAL,0.9599199891090393,false,,false,false,false,,false,false,2020-02-06T16:27:31.000Z,0