WordPress Plugin Vulnerabilities

InfiniteWP Client < 1.12.1 - Unauthenticated Sensitive Information Exposure

Description

The plugin exposes sensitive information to unauthenticated users.

Affects Plugins

Plugin icon
iwp-client
Fixed in 1.12.1

References

CVE
CVE-2023-2916

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
714a1a47-25bb-45b6-a9c9-633e382045b7

Timeline

Publicly Published
2023-08-14 (about 2 years ago)
Added
2023-08-16 (about 2 years ago)
Last Updated
2023-08-16 (about 2 years ago)

Other

Published
Title
Published
2025-10-02
Title
RestroPress – Online Food Ordering System < 3.2.2 - Unauthenticated Information Exposure to Authentication Bypass via Forged JWT
Published
2022-08-01
Title
Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure
Published
2024-07-11
Title
MBE eShip < 2.2.1 - Information Exposure
Published
2026-03-20
Title
SMTP Mailer < 1.1.25 - Unauthenticated Information Exposure
Published
2022-04-18
Title
Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure