• SQL injection, other vulnerabilities found in InfiniteWP admin panel.

    December 11, 2014 by Support Staff

    A researcher with Slik identified and reported several vulnerabilities in the InfiniteWP administration application for WordPress Web sites, including SQL injection vulnerabilities that could be used by an unauthenticated attacker to gain control of WordPress sites.

    InfiniteWP allows an administrator to manage multiple WordPress sites from one control panel. According to the InfiniteWP homepage, it is used on over 317,000 WordPress sites.

    The InfiniteWP Admin Panel contains a number of vulnerabilities that can be exploited by an unauthenticated remote attacker.

    These vulnerabilities allow an attacker to take over managed WordPress sites by leaking secret InfiniteWP client keys. They also allow SQL injection, cracking of InfiniteWP admin passwords, and in some cases PHP code injection.

    It is strongly recommended that InfiniteWP users upgrade to InfiniteWP Admin Panel 2.4.4.

    See this blog post for more information about the vulnerabilities.
