WordPress InfiniteWP plugin before 1.9.4.5 for WordPress contains an authorization bypass vulnerability via a missing authorization check in iwp_mmb_set_request in init.php. An attacker who knows the username of an administrator can log in, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.
id: CVE-2020-8772
info:
name: WordPress InfiniteWP <1.9.4.5 - Authorization Bypass
author: prin
...