🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

InfiniteWP Client

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > InfiniteWP Client

Information

Software Type	Plugin
Software Slug	iwp-client (view on wordpress.org)
Software Status	Active
Software Author	infinitewp
Software Website	infinitewp.com
Software Downloads	7,098,570
Software Active Installs	200,000
Software Record Last Updated	May 19, 2024

6 Vulnerabilities

InfiniteWP Client <= 1.12.3 - Unauthenticated Sensitive Information Exposure

5.9

CVE-2023-6565

Feb 8, 2024

Researcher: Christian Angel

InfiniteWP Client <= 1.11.1 - Authenticated (Subscriber+) Sensitive Information Exposure

7.5

CVE-2023-2916

Aug 14, 2023

Researcher: István Márton

InfiniteWP Client <= 1.9.4.4 - Authentication Bypass

9.8

CVE-2020-8772

Jan 14, 2020

Researcher: WebARX Security

InfiniteWP Client <= 1.6.0 - Unauthenticated PHP Object Injection

9.8

CVE-2016-15004

Jan 25, 2017

Researcher: Yorick Koster,

InfiniteWP Client <= 1.3.7 - Privilege Escalation

9.8

CVE ID Unknown

Dec 2, 2014

Researcher: Marc-Alexandre Montpas

InfiniteWP Client <= 1.3.7 - PHP Object Injection

9.8

CVE ID Unknown

Dec 2, 2014

Researcher: Marc-Alexandre Montpas

Title	Status	CVE ID	CVSS	Researchers	Date
InfiniteWP Client <= 1.12.3 - Unauthenticated Sensitive Information Exposure	Patched	CVE-2023-6565	5.9	Christian Angel	February 8, 2024
InfiniteWP Client <= 1.11.1 - Authenticated (Subscriber+) Sensitive Information Exposure	Patched	CVE-2023-2916	7.5	István Márton	August 14, 2023
InfiniteWP Client <= 1.9.4.4 - Authentication Bypass	Patched	CVE-2020-8772	9.8	WebARX Security	January 14, 2020
InfiniteWP Client <= 1.6.0 - Unauthenticated PHP Object Injection	Patched	CVE-2016-15004	9.8	Yorick Koster,	January 25, 2017
InfiniteWP Client <= 1.3.7 - Privilege Escalation	Patched		9.8	Marc-Alexandre Montpas	December 2, 2014
InfiniteWP Client <= 1.3.7 - PHP Object Injection	Patched		9.8	Marc-Alexandre Montpas	December 2, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation