EUVD-2020-23754

Malware in sbrugna...

EUVD-2018-19164

Malware in sbrugna...

CVE-2020-36176

The iThemes Security formerly Better WP Security plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs...

WordPress 6.4.3 Username Disclosure

Title: wordpress 6.4.3 - Username Disclosure Author: h4shur date:2024-02-21 Vendor Homepage: https://www.wordpress.org Software Link: https://www.wordpress.org/download Version: 6.4.3 and earlier Tested on: Windows 10 & Google Chrome Category : Web Application Bugs Description : the REST API allo...

WordPress MainWP iThemes Security Extension Plugin <= 4.1.1 is vulnerable to Broken Access Control

Software MainWP iThemes Security Extension Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23643 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 4ac1fa6eea51 Credits Dave...

iThemes Security Free (< 7.9.1) & Pro (< 6.8.4) - Hide Backend Bypass

Both the iThemes Security free and pro versions were affected. - Patched in Version iThemes Security: 7.9.1 - Patched in Version iThemes Security Pro: 6.8.4 The bug allowed attackers to bypass the "Hide Backend" feature, that, when enabled, hides the WordPress wp-login.php and wp-admin pages...

iThemes Security Free (< 7.9.1) & Pro (< 6.8.4) - Hide Backend Bypass

Both the iThemes Security free and pro versions were affected. - Patched in Version iThemes Security: 7.9.1 - Patched in Version iThemes Security Pro: 6.8.4 The bug allowed attackers to bypass the "Hide Backend" feature, that, when enabled, hides the WordPress wp-login.php and wp-admin pages...

WordPress iThemes Security Pro premium plugin <= 6.8.3 - Hide Backend Bypass vulnerability

Hide Backend Bypass vulnerability discovered by Julio Potier SecuPress in WordPress iThemes Security Pro premium plugin versions = 6.8.3. Solution Update the WordPress iThemes Security Pro premium plugin to the latest available version at least 6.8.4...

WordPress iThemes Security plugin <= 7.9.0 - Hide Backend Bypass vulnerability

Hide Backend Bypass vulnerability discovered by Julio Potier SecuPress in WordPress iThemes Security plugin versions = 7.9.0. Solution Update the WordPress iThemes Security plugin to the latest available version at least 7.9.1...

WordPress iThemes Security Plugin < 7.7.0 Incorrect Authorization Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113811";...

Wordpress Ithemes Security Plugin Handles Logic Error Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in Wordpress Ithemes Security Plugin versions prior to 7.7.0, which...

CVE-2020-36176

The iThemes Security formerly Better WP Security plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs...

CVE-2020-36176

The iThemes Security formerly Better WP Security plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs...

CVE-2020-36176

The iThemes Security formerly Better WP Security plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs...

Security feature bypass

The iThemes Security formerly Better WP Security plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs...

CVE-2020-36176

The iThemes Security formerly Better WP Security plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs...

CVE-2020-36176

The CVE-2020-36176 affects the WordPress iThemes Security (formerly Better WP Security) plugin prior to version 7.7.0. The root issue is that the plugin does not enforce a new-password requirement for an existing account until the second login occurs, potentially leaving an account with a weak pa...

Wordpress Ithemes Security Plugin 处理逻辑错误漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in Wordpress Ithemes Security Plugin versions prior to 7.7.0, which...

iThemes Security < 7.7.0 - New-Password Requirements Not Enforced Until second Login

The plugin did not enforce new-password requirements for existing accounts until the second login occurred, which could leave an account configured with a potentially weak password until the user changes it...

WordPress iThemes Security Plugin SQL Injection (CVE-2018-12636)

A SQL injection vulnerability exists in WordPress iThemes Security Plugin . Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...