Showing posts with the label CVE

SQL Injection in InfiniteWP Admin Panel (CVE-2024-22506)

This is a security advisory for a vulnerability that has been assigned a CVE identifier but has not been publicly disclosed by the vendor. This information is intended for security researchers, system administrators, and the public to promote awareness and responsible disclosure.

Date of Announcement: September 29, 2025

Overview

A time-based SQL Injection vulnerability has been identified in the InfiniteWP Admin Panel, a web application for managing WordPress installations. This vulnerability, tracked as CVE-2024-22506, allows an attacker to manipulate the application's database by injecting malicious SQL queries.

Vulnerability Details

CVE ID: CVE-2024-22506
Vulnerability Type: Time-Based SQL Injection
Affected Software: InfiniteWP Admin Panel
Vulnerable Parameter: appInstallHash

An attacker can exploit this vulnerability by sending a crafted POST request with a malicious SQL payload in the appIns...

Stored Cross-Site Scripting in InfiniteWP Admin Panel (CVE-2024-22507)

This is a security advisory for a vulnerability that has been assigned a CVE identifier but has not been publicly disclosed by the vendor. This information is intended for security researchers, system administrators, and the public to promote awareness and responsible disclosure.

Vulnerability Announcement: Stored Cross-Site Scripting in InfiniteWP Admin Panel (CVE-2024-22507)

Date of Announcement: September 29, 2025

Overview

A Stored Cross-Site Scripting (XSS) vulnerability has been discovered in the InfiniteWP Admin Panel, a widely used platform for managing WordPress websites. This vulnerability, identified as CVE-2024-22507, allows an attacker to inject and store malicious JavaScript code on the server, which is then executed in the browsers of unsuspecting users.

Vulnerability Details

CVE ID: CVE-2024-22507
Vulnerability Type: Stored Cross-Site Scripting (Stored XSS)
Affected Software: InfiniteWP Admin Panel
Attack Vector: A crafted GET request with a mali...

Authenticated Reflected Cross-Site Scripting in InfiniteWP Admin Panel

This is a security advisory for a vulnerability that has been assigned a CVE identifier but has not been publicly disclosed by the vendor. This information is intended for security researchers, system administrators, and the public to promote awareness and responsible disclosure.

Date of Announcement: September 29, 2025

Overview

A recently discovered vulnerability in the InfiniteWP Admin Panel, a popular tool for managing multiple WordPress sites, has been identified and assigned the CVE identifier CVE-2024-22505. This vulnerability is an authenticated reflected Cross-Site Scripting (XSS) flaw that could allow an attacker to execute malicious scripts within a user's browser.

Vulnerability Details

CVE ID: CVE-2024-22505
Vulnerability Type: Authenticated Reflected Cross-Site Scripting (XSS)
Affected Software: InfiniteWP Admin Panel up to version 3.4.1
Vulnerable Path: /lib/JqueryfileTree/connectors/jqueryFileTree.php
Vulnerable Parameter: hostName

An aut...