Share
## https://sploitus.com/exploit?id=14C18191-94AC-5ADA-B543-734CC33ADA36
It is an exploit module for InfiniteWP Client < 1.9.4.5 - Authentication Bypass. The primary CVE ID is not explicitly stated, but the exploit is based on a vulnerability disclosed at https://0day.work/infinitewp-client-1-9-4-5-authentication-bypass/. The target product/service is InfiniteWP Client, and the vulnerability class is authentication bypass. The probable entry point is the `exploit.py` script, which is invoked by running `python exploit.py -u server_url -m rest/sitemap`. Not specified. Preconditions include a vulnerable version of InfiniteWP Client (less than 1.9.4.5) and exposed Wordpress API users. The expected impact is authentication bypass, allowing unauthorized access to the InfiniteWP Client. Observable network artifacts include requests to the Wordpress API and the InfiniteWP Client.