Infility Global Plugin Vulnerability

HIGH (8.8)

Threat Intelligence

Low Risk
EPSS Score: 0.24% chance of exploitation (percentile: 47%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

The Infility Global plugin for WordPress is a third-party extension that allows users to import files into their website. However, due to missing file type validation and capability checks, authenticated attackers with subscriber level access and above can upload arbitrary files on the affected site's server, potentially leading to remote code execution.

Am I affected?

You're affected if you use Infility Global. The advisory does not state which versions are affected.

How to fix

To fix this vulnerability, upgrade to Infility Global plugin version 2.14.24 or later. You can do this through the WordPress dashboard or by manually updating the plugin files.

Immediate mitigations:

  • Restrict network access to your WordPress site (firewall it from the public internet)
  • Audit admin account activity for suspicious file uploads
  • Monitor for unauthorized token creation
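
One way to audit for suspicious file uploads is to scan the uploads directory for anything the web server could run as PHP. The script below is an added example, not part of the advisory or the plugin; the function name `audit_uploads`, the extension list, and the default WordPress path `wp-content/uploads` are assumptions to adjust for your server.

```python
import os
import sys

# Assumed list of extensions commonly mapped to the PHP handler; match it to your server config.
EXEC_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".pht", ".phar"}


def audit_uploads(root, head_bytes=8192):
    """Return sorted (relative_path, reason) pairs for files under root that could run as PHP."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            lower = name.lower()
            parts = lower.split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            if lower == ".htaccess":
                # An .htaccess here can remap harmless extensions to the PHP handler.
                findings.append((rel, "htaccess override in uploads"))
            elif ext in EXEC_EXTS:
                findings.append((rel, "executable extension"))
            elif any("." + p in EXEC_EXTS for p in parts[1:-1]):
                # e.g. name.php.jpg: some handler configs match on an inner extension.
                findings.append((rel, "executable inner extension"))
            else:
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(head_bytes)
                except OSError:
                    findings.append((rel, "unreadable"))
                    continue
                # Media files should never carry a PHP open tag.
                if b"<?php" in head.lower():
                    findings.append((rel, "PHP open tag in content"))
    return sorted(findings)


if __name__ == "__main__":
    # Default path is the standard WordPress uploads location (assumption).
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/uploads"
    for rel, reason in audit_uploads(target):
        print(f"{reason}: {rel}")
```

Review each finding against the media library and the web server access log before deleting anything, since a match is a lead rather than proof of compromise.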