Description
WordPress Plugin InfiniteWP Client is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently disable a users web site by putting it in maintenance mode if admin username is known. WordPress Plugin InfiniteWP Client version 1.3.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.8 or latest
References
Related Vulnerabilities
WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.9.7)
Dolphin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3167)
WordPress Plugin Permalink Manager Lite Cross-Site Request Forgery (2.2.19.2)