Home » Vulnerabilities » Weak configuration vulnerability in iThemes Security 7.9.1

Latest

Weak configuration vulnerability in iThemes Security 7.9.1

Severity: medium-risk
Status: Fixed
Publication: April 22, 2021

by setting the ‘disable_wordpress_login_php’ option to true. It is possible to get around the login page that is hidden in iThemes Security (versions lower than 7.9.1) and iThemes Security Pro (versions lower than 6.8.4) by setting the option named ‘disable_wordpress_login_php’ to true.

Detected in:

iThemes Security fixed vulnerable versions: >= * < 7.9.1

iThemes Security Pro fixed vulnerable versions: >= * < 6.8.4

Solid Security – Password, Two Factor Authentication, and Brute Force Protection fixed vulnerable versions:

Open source

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Incorrect?

Is this information incorrect? Please leave us a message.

Latest

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 not found errors

Weak configuration vulnerability in iThemes Security 7.9.1

Detected in:

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

Get Started

About

Popular articles

Latest

Passkeys: no need for Limit Login Attempts?

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 not found errors

Weak configuration vulnerability in iThemes Security 7.9.1

Detected in: