A critical vulnerability has been discoveredin the InfiniteWP plugin, which allows you to manage an unlimited number of WordPress sites from one central location.
This vulnerability allows anyone to log in to the site as an administrator without needing to know their access password. An attacker can thus gain the ability to administer this site without restrictions, and can thus perform various malicious activities on it.
The bug has been fixed 8. January 2020 with the release of version 1.9.4.5. It is therefore essential to update the plugin to at least this version, all older versions are unsafe.
Source: bleepingcomputer.com
