Does Infility Global have any unpatched vulnerabilities?

Yes — Infility Global currently has 7 published unpatched vulnerabilities. We recommend switching to an alternative or applying any available workarounds.

Is Infility Global compatible with WordPress 6.8.5?

According to WordPress.org data, Infility Global 2.15.10 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Infility Global compatible with PHP 7.3+?

Infility Global requires PHP 7.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Infility Global updated?

Infility Global was last updated on Apr 15, 2026. Frequent updates are generally a positive security signal.

What is Infility Global's security score?

Infility Global has a WP-Safety security score of 30/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Infility Global: 7 Unpatched CVEs

Safety Verdict

Is Infility Global Safe to Use in 2026?

High Risk

Score 30/100

Infility Global carries significant security risk with 11 known CVEs, 7 still unpatched. Consider switching to a maintained alternative.

11 known CVEs 7 unpatched Last CVE: May 19, 2026Updated 1mo ago

Risk Assessment

The "infility-global" plugin v2.14.61 exhibits a concerning security posture, largely due to its significant number of unprotected entry points and a history of numerous vulnerabilities. While the plugin utilizes prepared statements for a majority of its SQL queries and has a reasonable rate of output escaping, these positive aspects are overshadowed by critical weaknesses. The static analysis reveals a large attack surface with 35 out of 42 entry points lacking authentication checks, a major red flag for potential unauthorized access and actions. The presence of the `unserialize` function, even if only one, is a known risk for deserialization vulnerabilities if not handled with extreme care and input validation.

The vulnerability history is particularly alarming. With 10 known CVEs, 6 of which are currently unpatched, and a significant portion being high severity, this plugin has a demonstrated track record of being insecure. The common vulnerability types like SQL Injection, Path Traversal, XSS, and Missing Authorization directly correlate with the identified weaknesses in the static analysis, such as unprotected AJAX handlers and the potential for unsanitized input. The last vulnerability being in February 2026, while in the future, is likely a data artifact and indicates a recent history of exploitation.

In conclusion, despite some good practices in SQL and output handling, the "infility-global" plugin has a high-risk profile. The extensive unprotected attack surface, coupled with a persistent history of serious, unpatched vulnerabilities, makes it a significant liability for any WordPress site. Users should strongly consider disabling or replacing this plugin until these critical issues are addressed.

Key Concerns

Unprotected AJAX handlers
Unpatched CVEs (6 total)
High severity unpatched CVEs (4 total)
Dangerous function: unserialize
Taint analysis: Flows with unsanitized paths
Missing nonce checks
Missing capability checks

Vulnerabilities

11 published

Infility Global Security Vulnerabilities

CVEs by Year

8 CVEs in 2025 · unpatched

2025

3 CVEs in 2026 · unpatched

2026

Patched Has unpatched

Severity Breakdown

High

4

Medium

7

11 total CVEs

CVE-2026-8685medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Infility Global <= 2.15.16 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter

May 19, 2026Unpatched

CVE-2025-15268high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Infility Global <= 2.14.46 - Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass

Feb 3, 2026Unpatched

CVE-2025-68864high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Infility Global <= 2.14.49 - Unauthenticated Stored Cross-Site Scripting

Jan 15, 2026Unpatched

CVE-2025-68865high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Infility Global <= 2.14.49 - Unauthenticated SQL Injection

Dec 31, 2025Unpatched

CVE-2025-12968high · 8.8Unrestricted Upload of File with Dangerous Type

Infility Global <= 2.14.42 - Authenticated (Subscriber+) Arbitrary File Upload

Dec 11, 2025 Patched in 2.14.43 (26d)

CVE-2025-47650medium · 6.5Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Infility Global <= 2.14.7 - Authenticated (Subscriber+) Arbitrary File Download

Aug 14, 2025Unpatched

CVE-2025-47652medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Infility Global <= 2.13.4 - Reflected Cross-Site Scripting

Jul 7, 2025 Patched in 2.13.5 (12d)

CVE-2025-52774medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Infility Global <= 2.13.4 - Reflected Cross-Site Scripting

Jun 23, 2025Unpatched

CVE-2025-47651medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Infility Global <= 2.12.7 - Authenticated (Subscriber+) SQL Injection

May 29, 2025Unpatched

CVE-2024-11496medium · 6.5Missing Authorization

Infility Global <= 2.9.8 - Authenticated (Subscriber+) Missing Authorization to Plugin Options Update

Jan 6, 2025 Patched in 2.9.9 (24d)

CVE-2024-12290medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Infility Global <= 2.9.8 - Reflected Cross-Site Scripting via set_type Parameter

Jan 6, 2025 Patched in 2.9.9 (49d)

Version History

Infility Global Release Timeline

v1.4.111 CVEs

CVE-2025-47652 CVE-2025-12968 CVE-2025-68864 +8 more

v1.411 CVEs

CVE-2025-47652 CVE-2025-12968 CVE-2025-68864 +8 more

v1.3.111 CVEs

CVE-2025-47652 CVE-2025-12968 CVE-2025-68864 +8 more

v1.311 CVEs

CVE-2025-47652 CVE-2025-12968 CVE-2025-68864 +8 more

v1.211 CVEs

CVE-2025-47652 CVE-2025-12968 CVE-2025-68864 +8 more

v1.111 CVEs

CVE-2025-47652 CVE-2025-12968 CVE-2025-68864 +8 more

v1.011 CVEs

CVE-2025-47652 CVE-2025-12968 CVE-2025-68864 +8 more

Code Analysis

Analyzed Mar 16, 2026

Infility Global Code Analysis

Dangerous Functions

1

Raw SQL Queries

20

60 prepared

Unescaped Output

172

388 escaped

Nonce Checks

6

Capability Checks

9

File Operations

174

External Requests

8

Bundled Libraries

0

Dangerous Functions Found

unserialize$this->{$key} = unserialize(serialize($val));widgets\infility-import-data\include\PhpSpreadsheet\src\PhpSpreadsheet\Worksheet\Worksheet.php:3469

SQL Query Safety

75% prepared80 total queries

Output Escaping

69% escaped560 total outputs

Data Flows · Security

23 unsanitized

Data Flow Analysis

25 flows23 with unsanitized paths

save_js_error (include\InfilityGlobalErrorRecord.php:263)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

35 unprotected

Infility Global Attack Surface

Entry Points42

Unprotected35

AJAX Handlers 39

authwp_ajax_infility_global_ajaxinfility_global.php:179

noprivwp_ajax_tenweb_cache_clear_allinfility_global.php:182

authwp_ajax_block_ipwidgets\block-ip\block-ip.php:19

noprivwp_ajax_get_tracking_infowidgets\contact-form-plugins\contact-form-plugins.php:28

authwp_ajax_get_tracking_infowidgets\contact-form-plugins\contact-form-plugins.php:29

authwp_ajax_get_taxonomy_termswidgets\elementor-tab\elementor-tab.php:33

noprivwp_ajax_get_taxonomy_termswidgets\elementor-tab\elementor-tab.php:34

authwp_ajax_get_taxonomies_for_post_typewidgets\elementor-tab\elementor-tab.php:35

noprivwp_ajax_get_taxonomies_for_post_typewidgets\elementor-tab\elementor-tab.php:36

authwp_ajax_get_posts_for_editorwidgets\elementor-tab\elementor-tab.php:37

noprivwp_ajax_get_posts_for_editorwidgets\elementor-tab\elementor-tab.php:38

authwp_ajax_get_posts_with_paginationwidgets\elementor-tab\elementor-tab.php:39

noprivwp_ajax_get_posts_with_paginationwidgets\elementor-tab\elementor-tab.php:40

authwp_ajax_infility_chat_toolwidgets\infility-chat-tool\infility-chat-tool.php:13

authwp_ajax_InfilityGlobal_InfilityForm_get_optionswidgets\infility-form\infility-form.php:13

authwp_ajax_InfilityGlobal_InfilityForm_set_optionswidgets\infility-form\infility-form.php:14

authwp_ajax_InfilityGlobal_InfilityForm_clear_cachewidgets\infility-form\infility-form.php:15

authwp_ajax_import_datawidgets\infility-import-data\infility-import-data.php:11

authwp_ajax_get_site_fieldwidgets\infility-import-data\infility-import-data.php:13

authwp_ajax_get_post_detailwidgets\infility-import-data\infility-import-data.php:14

authwp_ajax_search_category_pagewidgets\infility-import-data\infility-import-data.php:15

authwp_ajax_search_category_postwidgets\infility-import-data\infility-import-data.php:16

authwp_ajax_search_site_categorywidgets\infility-import-data\infility-import-data.php:18

authwp_ajax_search_site_productwidgets\infility-import-data\infility-import-data.php:19

authwp_ajax_search_site_blogswidgets\infility-import-data\infility-import-data.php:20

authwp_ajax_get_site_productswidgets\infility-import-data\infility-import-data.php:21

authwp_ajax_get_site_blogswidgets\infility-import-data\infility-import-data.php:22

authwp_ajax_add_termwidgets\infility-import-data\infility-import-data.php:23

authwp_ajax_add_postwidgets\infility-import-data\infility-import-data.php:24

authwp_ajax_get_excel_fieldwidgets\infility-import-data\infility-import-data.php:26

authwp_ajax_add_excel_postwidgets\infility-import-data\infility-import-data.php:27

authwp_ajax_get_extract_filewidgets\infility-import-data\infility-import-data.php:28

authwp_ajax_import_main_imagewidgets\infility-import-data\infility-import-data.php:29

authwp_ajax_infility_redirectwidgets\infility-redirect\infility-redirect.php:21

authwp_ajax_install_translationwidgets\infility-translate-tool\infility-translate-tool.php:7

authwp_ajax_open_translationwidgets\infility-translate-tool\infility-translate-tool.php:8

authwp_ajax_translate_positionwidgets\infility-translate-tool\infility-translate-tool.php:9

authwp_ajax_infility_global_keyword_pages_ajaxwidgets\keyword-pages\keyword-pages.php:14

noprivwp_ajax_infility_global_keyword_pages_ajaxwidgets\keyword-pages\keyword-pages.php:15

Shortcodes 3

[infility_power_by] infility_global.php:175

[infility_form] widgets\infility-form\infility-form.php:11

[infility_global_keywords] widgets\keyword-pages\keyword-pages.php:17

WordPress Hooks 59

actionwpinclude\InfilityGlobalErrorRecord.php:14

actionwp_headinclude\InfilityGlobalErrorRecord.php:38

filterauthenticateinclude\login-security.php:28

filterauthenticateinclude\login-security.php:29

actioninitinfility_global.php:166

actioninitinfility_global.php:167

actioninitinfility_global.php:168

actionadmin_menuinfility_global.php:169

actionwp_enqueue_scriptsinfility_global.php:171

actionadmin_enqueue_scriptsinfility_global.php:172

filtermime_typesinfility_global.php:205

actionadmin_enqueue_scriptswidgets\block-ip\block-ip.php:13

actioninitwidgets\block-ip\block-ip.php:17

actionwp_headwidgets\consent-mode\consent-mode.php:10

actioninitwidgets\contact-form-plugins\contact-form-plugins.php:12

actionwp_footerwidgets\contact-form-plugins\contact-form-plugins.php:16

actionwp_enqueue_scriptswidgets\contact-form-plugins\contact-form-plugins.php:19

filterwpcf7_form_response_outputwidgets\contact-form-plugins\contact-form-plugins.php:26

filterwpcf7_mail_componentswidgets\contact-form-plugins\contact-form-plugins.php:31

actionwp_enqueue_scriptswidgets\elementor-tab\elementor-tab.php:16

actionelementor/elements/categories_registeredwidgets\elementor-tab\elementor-tab.php:20

actionelementor/widgets/registerwidgets\elementor-tab\elementor-tab.php:23

actionelementor/widgets/registerwidgets\elementor-tab\elementor-tab.php:24

actionelementor/widgets/registerwidgets\elementor-tab\elementor-tab.php:26

actionenqueue_block_editor_assetswidgets\gutenberg-tools\gutenberg-tools.php:5

actionwp_headwidgets\gutenberg-tools\gutenberg-tools.php:6

actionwp_enqueue_scriptswidgets\infility-chat-tool\infility-chat-tool.php:10

actionadmin_enqueue_scriptswidgets\infility-chat-tool\infility-chat-tool.php:11

actionwp_footerwidgets\infility-chat-tool\infility-chat-tool.php:16

actionwp_enqueue_scriptswidgets\infility-collect-data\infility-collect-data.php:5

actionelementor/widgets/registerwidgets\infility-form\infility-form.php:7

actionwp_headwidgets\infility-form\infility-form.php:18

actionadmin_enqueue_scriptswidgets\infility-import-data\infility-import-data.php:7

actioninitwidgets\infility-import-data\infility-import-data.php:8

actionadmin_menuwidgets\infility-import-data\infility-import-data.php:9

actionadmin_enqueue_scriptswidgets\infility-redirect\infility-redirect.php:18

actionplugins_loadedwidgets\infility-redirect\infility-redirect.php:20

actionadmin_enqueue_scriptswidgets\infility-translate-tool\infility-translate-tool.php:6

actioninitwidgets\infility-translate-tool\infility-translate-tool.php:11

actionwp_headwidgets\infility-translate-tool\infility-translate-tool.php:12

actionwp_footerwidgets\infility-translate-tool\infility-translate-tool.php:13

actionwp_enqueue_scriptswidgets\keyword-pages\keyword-pages.php:8

actionadmin_enqueue_scriptswidgets\keyword-pages\keyword-pages.php:9

actionplugins_loadedwidgets\keyword-pages\keyword-pages.php:10

filtertemplate_includewidgets\keyword-pages\keyword-pages.php:12

filterpre_get_document_titlewidgets\keyword-pages\keyword-pages.php:392

filterwpseo_opengraph_titlewidgets\keyword-pages\keyword-pages.php:397

actionwp_headwidgets\keyword-pages\keyword-pages.php:401

filterbody_classwidgets\keyword-pages\keyword-pages.php:416

actionwp_enqueue_scriptswidgets\prevent_copying\prevent_copying.php:6

actionwpwidgets\progress-bar\progress-bar.php:12

actionwp_footerwidgets\progress-bar\progress-bar.php:31

actionadmin_enqueue_scriptswidgets\show-control-data\show-control-data.php:5

actionedited_termwidgets\show-control-data\show-control-data.php:6

actioncreated_termwidgets\show-control-data\show-control-data.php:7

actionsave_postwidgets\show-control-data\show-control-data.php:8

actionadmin_menuwidgets\show-control-data\show-control-data.php:9

actionplugins_loadedwidgets\sitemap_for_multi_languages\sitemap_for_multi_languages.php:9

filterwpseo_sitemap_urlwidgets\sitemap_for_multi_languages\sitemap_for_multi_languages.php:48

Maintenance & Trust

Infility Global Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 15, 2026

PHP min version7.3

Downloads12K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

Infility Global Alternatives

No alternatives data available yet.

Developer Profile

Infility Global Developer Profile

Infility

1 plugin · 100 total installs

45

trust score

Avg Security Score

30/100

Avg Patch Time

28 days

View full developer profile

Detection Fingerprints

How We Detect Infility Global

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/infility-global/css/infility-global.css/wp-content/plugins/infility-global/js/infility-global.js/wp-content/plugins/infility-global/js/infility_global_chat_tool.js/wp-content/plugins/infility-global/js/infility_global_data_collection.js/wp-content/plugins/infility-global/js/infility_global_lang_switch.js/wp-content/plugins/infility-global/js/infility_global_login_security.js/wp-content/plugins/infility-global/js/infility_global_redirect.js/wp-content/plugins/infility-global/js/infility_global_sitemap.js+4 more

Script Paths

/wp-content/plugins/infility-global/js/infility-global.js/wp-content/plugins/infility-global/js/infility_global_chat_tool.js/wp-content/plugins/infility-global/js/infility_global_data_collection.js/wp-content/plugins/infility-global/js/infility_global_lang_switch.js/wp-content/plugins/infility-global/js/infility_global_login_security.js/wp-content/plugins/infility-global/js/infility_global_redirect.js+5 more

Version Parameters

infility-global/css/infility-global.css?ver=infility-global/js/infility-global.js?ver=infility-global/js/infility_global_chat_tool.js?ver=infility-global/js/infility_global_data_collection.js?ver=infility-global/js/infility_global_lang_switch.js?ver=infility-global/js/infility_global_login_security.js?ver=infility-global/js/infility_global_redirect.js?ver=infility-global/js/infility_global_sitemap.js?ver=infility-global/js/infility_global_whatsapp.js?ver=infility-global/js/infility_global_elementor_posts.js?ver=infility-global/js/infility_global_gutenberg.js?ver=infility-global/js/infility_global_reading_progress.js?ver=

HTML / DOM Fingerprints

CSS Classes

infility-global-chat-tool-box

HTML Comments

infility_global_chat_tool.js

JS Globals

infility_global_ajax_objectinfility_global_config

REST Endpoints

/wp-json/infility-global/v1/ajax

Shortcode Output

[infility_power_by]

FAQ

Infility Global Security & Risk Analysis

Is Infility Global Safe to Use in 2026?

High Risk

Key Concerns

Infility Global Security Vulnerabilities

CVEs by Year

Severity Breakdown

Infility Global Release Timeline

Infility Global Code Analysis

Dangerous Functions Found

SQL Query Safety

Output Escaping

Data Flow Analysis

Infility Global Attack Surface

AJAX Handlers 39

Shortcodes 3

Infility Global Maintenance & Trust

Maintenance Signals

Community Trust

Infility Global Alternatives

Infility Global Developer Profile

How We Detect Infility Global

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Infility Global