Posts Tagged ‘InfiniteWP’

Wordpress VulnerabilitiesThe researchers emphasize that the gaps in the free app puts at risk the safety of hundreds of thousands of web resources.

According to the Walter Hop’s notification, a security researcher and founder of Netherlands-based Web development company Slik, he was able to find a number of vulnerabilities in popular free application InfiniteWP Admin Panel, which use administrators of the content management system WordPress.

According to the developers of the affected product, for all the history of the project, it has been downloaded at least 875,000 times and is utilized by over 318,000 web sites. With it, administrators can work with multiple installations through one control panel. (more…)

Wordpress VulnerabilitiesPrivilege escalation and potential Object Injection vulnerability. The vulnerability allows a remote user to cause a denial of service and data manipulation.

Danger level: average
The presence of fixes: Yes
The number of vulnerabilities: 1
CVSSv2 rating: (AV: N / AC: L / Au: N / C: N / I: P / A: P / E: U / RL: O / RC: C) = Base: 6.4 / Temporal: 4.7

Vector of operation: Remote
Impact: Denial of service, Unauthorized modification of data (more…)