The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
7.2CVSS
7.4AI Score
0.925EPSS
The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.
7.5CVSS
7.5AI Score
0.002EPSS
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.
7.5CVSS
7.5AI Score
0.001EPSS