cleantalk
Vulnerabilities and Security Researches

Infility Global, CVE-2024-11496

CVE, Research URL

CVE-2024-11496

Home page URL

Security reports for Infility Global

Application

Infility Global

Published on
Jan 07, 2025
Research Description
The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including, 2.9.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options and potentially break the site.
Affected versions
Min -, max 2.9.9.
Status
vulnerable
Previous vulnerability researches
Infility Global (CVE-2024-12723) , Jan 29, 2025
Infility Global (CVE-2024-11496) , Jan 08, 2025
Infility Global (CVE-2025-47651) , Jun 14, 2025
Infility Global (CVE-2024-12290) , Jan 08, 2025
Infility Global (CVE-2025-52774) , Jul 04, 2025
New vulnerability
NGG Smart Image Search (CVE-2025-52832) , Jul 05, 2025
(Simply) Guest Author Name (CVE-2025-24764) , Jul 05, 2025
Beautiful Cookie Consent Banner (CVE-2025-49866) , Jul 05, 2025
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (CVE-2025-49870) , Jul 05, 2025
WP Compress – Image Optimizer [All-In-One] (CVE-2025-47479) , Jul 05, 2025