2 matches found
CVE-2018-12636
The CVE concerns the WordPress iThemes Security (better-wp-security) plugin prior to version 7.0.3. An authenticated admin can exploit an SQL injection via the itsec-logs page (log-orderby parameter) due to improper handling of the ORDER BY clause, enabling arbitrary SQL execution. Remediation: upgr...
CVE-2018-7433
The CVE affects the WordPress iThemes Security plugin prior to 6.9.1. It stems from improper data escaping on the logs page, enabling information disclosure (Confidentiality Impact: High per CVSS). Mitigation: upgrade to 6.9.1 or later. The provided sources confirm the affected component and fix ...