PT-2020-20264 · Infinitewp · Infinitewp Client

Dave Jong · Published 2020-02-06 · Updated 2025-09-08 · CVE-2020-8772

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

InfiniteWP Client plugin versions prior to 1.9.4.5

Description

The issue is related to a missing authorization check in the iwp_mmb_set_request function in init.php. This allows an attacker who knows the username of an administrator to log in without proper authorization.

Recommendations

For versions prior to 1.9.4.5, update to version 1.9.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the init.php file or the iwp_mmb_set_request function to minimize the risk of exploitation.

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-8772

Affected Products

Infinitewp Client