An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server.
Due to the nature of this plugin, this is a serious vulnerability that should be patched as soon as possible to mitigate risk. InfiniteWP users can update their plugin with the latest version 22.214.171.124.
Source: Scuri check