Ithemes Security
by WordPress
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12636 | Hig | 0.52 | 7.2 | 0.30 | Jun 22, 2018 | The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. | ||
| CVE-2018-7433 | Hig | 0.49 | 7.5 | 0.01 | Mar 2, 2018 | The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. | ||
| CVE-2020-36176 | 0.00 | — | 0.01 | Jan 6, 2021 | The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs. |
- risk 0.52cvss 7.2epss 0.30
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
- risk 0.49cvss 7.5epss 0.01
The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.
- CVE-2020-36176Jan 6, 2021risk 0.00cvss —epss 0.01
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.