InfiniteWP allows users to manage unlimited number of WordPress sites from their own server.
There was high severity vulnerability discovered in all InfiniteWP client plugin version < 1.3.8. If you are using InfiniteWP Client WordPress plugin to manage your website, you should immediately upgrade this plugin to latest version.
Any website using InfiniteWP client version below the 1.3.8 version is at risk. An attacker knowing the site’s administrator’s username could force your website to display malicious content. They can force your site to go into maintenance mode and any of the following could be injected:
- Javascript or iframe malware.
- Spam links
- Defacement messages (the infamous “hacked by” type of attack)
Once again, if you are using this plugin, you should immediately upgrade it to latest version.