CVE-2023-6565
Published: 2024-02-29
Priority: P3 (34) | Severity: medium | CVSS 3.1: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.64% (46.2th percentile)
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET requests during the limited time window of the backup process.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| revmakx | infinitewp_client | < 1.12.3.1 | 1.12.3.1 |
| revmakx | infinitewp_client | <= 1.12.3 | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/changeset/3007309/iwp-client
https://www.wordfence.com/threat-intel/vulnerabilities/id/2fdc32a4-adf8-4174-924b-5d0b763d010c?source=cve