Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in iThemes Security 5.6.2

  • Severity: medium-risk
  • Status: Fixed
  • Publication: October 6, 2016

The iThemes Security for WordPress was vulnerable to a type of attack called Stored Cross-Site Scripting. This was possible because of a lack of protection against malicious inputs and outputs in versions up to and including 5.6.1. This type of attack allowed an authenticated attacker to inject malicious web scripts into pages, which would be executed whenever a user visited the page. To fix this, the plugin was updated so that certain types of requests would not be displayed without being checked first. Thanks to Slavco Mihajloski for informing us about this issue.

Detected in:

iThemes Security fixed vulnerable versions: >= * < 5.6.2
Solid Security – Password, Two Factor Authentication, and Brute Force Protection fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.