SQL Injection in InfiniteWP Admin Panel (CVE-2024-22506)

This is a security advisory for a vulnerability that has been assigned a CVE identifier but has not been publicly disclosed by the vendor. This information is intended for security researchers, system administrators, and the public to promote awareness and responsible disclosure.

Date of Announcement: September 29, 2025

Overview

A time-based SQL Injection vulnerability has been identified in the InfiniteWP Admin Panel, a web application for managing WordPress installations. This vulnerability, tracked as CVE-2024-22506, allows an attacker to manipulate the application's database by injecting malicious SQL queries.

Vulnerability Details

CVE ID: CVE-2024-22506
Vulnerability Type: Time-Based SQL Injection
Affected Software: InfiniteWP Admin Panel
Vulnerable Parameter: appInstallHash

An attacker can exploit this vulnerability by sending a crafted POST request with a malicious SQL payload in the appIns...