cleantalk
Vulnerabilities and Security Researches

InfiniteWP Client, CVE-2020-8772

CVE, Research URL

CVE-2020-8772

Home page URL

Security reports for InfiniteWP Client

Application

InfiniteWP Client

Published on
Feb 06, 2020
Research Description
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.
Affected versions
Min -, max 1.3.15.
Status
vulnerable
Previous vulnerability researches
InfiniteWP Client (CVE-2024-10585) , Jan 08, 2025
InfiniteWP Client (CVE-2020-8772) , Jun 06, 2024
InfiniteWP Client (CVE-2016-15004) , Jun 06, 2024
InfiniteWP Client (CVE-2023-2916) , Jun 06, 2024
InfiniteWP Client (CVE-2023-6565) , Jun 06, 2024
New vulnerability
FAQ / Accordion / Docs – Helpie WordPress FAQ Accordion plugin (CVE-2025-58659) , Sep 27, 2025
Events Manager – OpenStreetMaps (CVE-2025-58265) , Sep 27, 2025
SAPO Feed (CVE-2025-53462) , Sep 27, 2025
Estonian Shipping Methods for WooCommerce (CVE-2025-58656) , Sep 27, 2025
Casengo Live Chat Support (CVE-2025-58688) , Sep 27, 2025