# CVE-2023-2916
CVE-2023-2916 PoC
The InfiniteWP Client plugin for WordPress, in versions up to and including 1.11.1, is vulnerable to a Sensitive Information Exposure flaw. This vulnerability allows authenticated attackers with subscriber-level permissions or above to extract sensitive data, including configuration details. Exploitation of this vulnerability is only possible if the plugin has not been configured previously. When combined with another arbitrary plugin installation and activation vulnerability, it may lead to remote management of the site and potential elevation of privileges.