iThemes Security

Input validation vulnerability in iThemes Security 3.6.3

The Better WP Security plugin for WordPress has a security flaw in versions up to 3.6.3. This flaw makes it possible for attackers who have already logged into the system to insert malicious web scri...

Input validation vulnerability in iThemes Security 5.3.5

The iThemes Security plugin for WordPress is vulnerable to a type of attack called Cross-Site Scripting (XSS). Versions up to and including 5.3.4 of the plugin have a security flaw that does not prop...

Input validation vulnerability in iThemes Security 3.2.4

The Better WP Security plugin for WordPress had multiple security flaws allowing remote attackers to put malicious code on websites using the plugin. This code could allow attackers to access or modif...

Input validation vulnerability in iThemes Security 3.4.4

The iThemes Security plugin for WordPress is vulnerable to malicious code being injected into webpages. This vulnerability affects versions up to and including 3.4.3. Unauthenticated attackers can in...

Input validation vulnerability in iThemes Security 4.6.13

The iThemes Security plugin for WordPress is vulnerable to a type of malicious code, called Stored Cross-Site Scripting, in versions up to and including 4.6.12. This vulnerability allows attackers to...

Input validation vulnerability in iThemes Security 6.9.0

The iThemes Security plugin for WordPress

Input validation vulnerability in iThemes Security 5.6.2

The iThemes Security for WordPress was vulnerable to a type of attack called Stored Cross-Site Scripting. This was possible because of a lack of protection against malicious inputs and outputs in ver...

Input validation vulnerability in iThemes Security 3.6.4

The iThemes Security plugin for WordPress has a security vulnerability in versions before 3.6.4 that could allow attackers to insert malicious code into pages on a website. When a user accesses an in...

Input validation vulnerability in iThemes Security 7.0.3

The iThemes Security plugin for WordPress before version 7.0.3 had a security flaw that allowed someone with Admin privileges to perform an attack called SQL Injection on the logs page.

Access violation vulnerability in iThemes Security 7.6.1

Input validation vulnerability in iThemes Security 3.2.5

The Better WP Security (iThemes) plugin for WordPress

Access violation vulnerability in iThemes Security 5.3.1

The iThemes Security plugin for WordPress is not secure in versions up to 5.3.0. This means that anyone can access the backup and log files created by the plugin, without needing to be authenticated ...

Access violation vulnerability in iThemes Security 5.3.6

The iThemes Security plugin for WordPress is not secure in versions up to 5.3.5. An attacker that is logged into the website can use this vulnerability to take administrative actions, such as creatin...

Weak configuration vulnerability in iThemes Security 7.9.1

by setting the ‘disable_wordpress_login_php’ option to true. It is possible to get around the login page that is hidden in iThemes Security (versions lower than 7.9.1) and iThemes Security Pro (v...

Input validation vulnerability in iThemes Security 3.5.3

The Better WP Security plugin for WordPress is vulnerable to a type of security problem called Stored Cross-Site Scripting. This vulnerability affects versions of the plugin up to and including versi...

Information leakage vulnerability in iThemes Security 5.6.1

The iThemes Security plugin for WordPress has a vulnerability in versions up to, and including 5.6.1, that could allow attackers to gain access to sensitive information. The vulnerability works by ca...

Input validation vulnerability in iThemes Security 8.1.4

The iThemes Security plugin for WordPress has a security issue in versions up to