Report
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET requests during the limited time window of the backup process.
Score:5.9
Severity:Medium
Version: 1.12.3
There is a patch available in v1.12.3.1 and we strongly recommend you update to this version as soon as possible.
