Infinitewp : Security Vulnerabilities, CVEs,

CVE-2020-28642

In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.
Max CVSS
9.8
EPSS Score
0.66%
Published
2020-11-16
Updated
2020-11-30

CVE-2014-9521

Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename.
Max CVSS
7.5
EPSS Score
0.89%
Published
2015-01-05
Updated
2020-11-30

CVE-2014-9520

SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2015-01-05
Updated
2020-11-30

CVE-2014-9519

SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2015-01-05
Updated
2020-11-30
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close