cleantalk
Vulnerabilities and Security Researches

InfiniteWP Client, CVE-2024-10585

CVE, Research URL

CVE-2024-10585

Home page URL

Security reports for InfiniteWP Client

Application

InfiniteWP Client

Published on
Jan 08, 2025
Research Description
The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory.
Affected versions
Min -, max 1.13.1.
Status
vulnerable
Previous vulnerability researches
InfiniteWP Client (CVE-2024-10585) , Jan 08, 2025
InfiniteWP Client (CVE-2020-8772) , Jun 06, 2024
InfiniteWP Client (CVE-2016-15004) , Jun 06, 2024
InfiniteWP Client (CVE-2023-2916) , Jun 06, 2024
InfiniteWP Client (CVE-2023-6565) , Jun 06, 2024
New vulnerability
FAQ / Accordion / Docs – Helpie WordPress FAQ Accordion plugin (CVE-2025-58659) , Sep 27, 2025
Events Manager – OpenStreetMaps (CVE-2025-58265) , Sep 27, 2025
SAPO Feed (CVE-2025-53462) , Sep 27, 2025
Estonian Shipping Methods for WooCommerce (CVE-2025-58656) , Sep 27, 2025
Casengo Live Chat Support (CVE-2025-58688) , Sep 27, 2025