CVE-2020-36176

The iThemes Security formerly Better WP Security plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs...

Wordpress Ithemes Security Plugin Handles Logic Error Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in Wordpress Ithemes Security Plugin versions prior to 7.7.0, which...

WordPress iThemes Security Plugin < 7.0.3 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Plugin iThemes Securitybetter-wp-security = 7.0.2 - Authenticated SQL Injection Exploit Author: Çlirim Emini Website: https://www.sentry.co.com/ Vendor Homepage: https://ithemes.com/ Software Link:...

iThemes Security <= 7.0.2 - Authenticated SQL Injection

The iThemes Security better-wp-security plugin before 7.0.3 for WordPress allows SQL Injection by attackers with Admin privileges via the logs page. Vulnerability description: iThemes Security appears to be vulnerable to time-based SQL-Injection. Parameter orderby is vulnerable because backend...

WordPress iThemes Security Plugin <= 5.6.1 - Stored XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

WordPress iThemes Security Plugin Local File Access

A local file access vulnerability exists in WordPress iThemes Security Plugin. Successful exploitation of this vulnerability could allow an attacker to read and obtain backup and log files from the victim's computer...