Encrypted Thoughts | Cybersecurity, Pentesting & Threat Intelligence

This is a security advisory for a vulnerability that has been assigned a CVE identifier but has not been publicly disclosed by the vendor. This information is intended for security researchers, system administrators, and the public to promote awareness and responsible disclosure. Vulnerability Announcement: Stored Cross-Site Scripting in InfiniteWP Admin Panel (CVE-2024-22507) Date of Announcement: September 29, 2025 Overview A Stored Cross-Site Scripting (XSS) vulnerability has been discovered in the InfiniteWP Admin Panel, a widely used platform for managing WordPress websites. This vulnerability, identified as CVE-2024-22507 , allows an attacker to inject and store malicious JavaScript code on the server, which is then executed in the browsers of unsuspecting users. Vulnerability Details CVE ID CVE-2024-22507 Vulnerability Type Stored Cross-Site Scripting (Stored XSS) Affected Software InfiniteWP Admin Panel Attack Vector A crafted GET request with a mali...

This is a security advisory for a vulnerability that has been assigned a CVE identifier but has not been publicly disclosed by the vendor. This information is intended for security researchers, system administrators, and the public to promote awareness and responsible disclosure. Date of Announcement: September 29, 2025 Overview A recently discovered vulnerability in the InfiniteWP Admin Panel, a popular tool for managing multiple WordPress sites, has been identified and assigned the CVE identifier CVE-2024-22505 . This vulnerability is an authenticated reflected Cross-Site Scripting (XSS) flaw that could allow an attacker to execute malicious scripts within a user's browser. Vulnerability Details CVE ID CVE-2024-22505 Vulnerability Type Authenticated Reflected Cross-Site Scripting (XSS) Affected Software InfiniteWP Admin Panel up to version 3.4.1 Vulnerable Path /lib/JqueryfileTree/connectors/jqueryFileTree.php Vulnerable Parameter hostName An aut...