VYPR

Ithemes Security

by WordPress

CVEs (3)

  • CVE-2018-12636HigJun 22, 2018
    risk 0.52cvss 7.2epss 0.30

    The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.

  • CVE-2018-7433HigMar 2, 2018
    risk 0.49cvss 7.5epss 0.01

    The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.

  • CVE-2020-36176Jan 6, 2021
    risk 0.00cvss epss 0.01

    The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.