iThemes Security

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   iThemes Security

Information

Software Type Plugin
Software Slug better-wp-security (view on wordpress.org)
Software Status Active
Software Author ithemes
Software Website ithemes.com
Software Downloads 27,980,025
Software Active Installs 900,000
Software Record Last Updated September 24, 2023

17 vulnerabilities

iThemes Security <= 8.1.4 - Open Redirection via redirect_to_https
4.7
CVE-2023-28786
Mar 27, 2023
Researcher: nlpro
iThemes Security < 7.9.1 and iThemes Security Pro < 6.8.4 - Hidden Login Bypass
5.3
CVE ID Unknown
Apr 22, 2021
Researcher: Julio Potier
iThemes Security <= 7.6.1 - Broken Password Mechanism
7.5
CVE-2020-36176
Jan 6, 2021
Researchers:
iThemes Security <= 7.0.2 - Authenticated SQL Injection
7.2
CVE-2018-12636
Jun 25, 2018
Researcher: Çlirim Emini
iThemes Security <= 6.9.0 - Cross-Site Scripting
7.5
CVE-2018-7433
Mar 5, 2018
Researchers:
iThemes Security <= 5.6.1 - Stored Cross-Site Scripting
6.4
CVE ID Unknown
Oct 6, 2016
Researcher: Slavco Mihajloski
iThemes Security <= 5.6.1 - Sensitive Information Exposure via Diff Response
5.3
CVE ID Unknown
Sep 27, 2016
Researcher: Leon Atkinson of 18INT
iThemes Security <= 5.3.5 - Missing Capabilities Check
7.4
CVE ID Unknown
Apr 25, 2016
Researcher: Julio Potier
iThemes Security < 5.3.1 - Insecure Backup/Logfile Generation
5.3
CVE ID Unknown
Apr 21, 2016
Researcher: Nicolas Chatelain (Sysdream Labs)
iThemes Security < 5.3.5 - Authenticated Cross-Site Scripting
3.3
CVE ID Unknown
Apr 5, 2016
Researcher: PenTest Partners
iThemes Security <= 4.6.12 - Stored Cross-Site Scripting
6.5
CVE ID Unknown
Apr 14, 2015
Researcher: Ole Aass
iThemes Security < 3.6.4 - Stored Cross-Site Scripting
8.3
CVE ID Unknown
Aug 1, 2014
Researchers: Yashar Shahinzadeh, Mormoroth
Better WP Security <= 3.6.3 - Stored Cross-Site Scripting
6.4
CVE ID Unknown
Aug 1, 2014
Researcher: Yashar Shahinzadeh
Better WP Security <= 3.5.3 - Stored Cross-Site Scripting
7.2
CVE ID Unknown
Aug 1, 2014
Researcher: Richard Warren
iThemes Security < 3.4.4 - Cross-Site Scripting
6.5
CVE ID Unknown
Aug 20, 2012
Researcher: Benjamin Kunz Mejri
Better WP Security <= 3.2.4 - Multiple Cross-Site Scripting
6.1
CVE-2012-4264
May 11, 2012
Researchers:
iThemes Security < 3.2.5 - Cross-Site Scripting
7.2
CVE-2012-4263
May 11, 2012
Researcher: SiNA Rabbani
Title CVE ID CVSS Researchers Date
iThemes Security <= 8.1.4 - Open Redirection via redirect_to_https CVE-2023-28786 4.7 nlpro March 27, 2023
iThemes Security < 7.9.1 and iThemes Security Pro < 6.8.4 - Hidden Login Bypass 5.3 Julio Potier April 22, 2021
iThemes Security <= 7.6.1 - Broken Password Mechanism CVE-2020-36176 7.5 January 6, 2021
iThemes Security <= 7.0.2 - Authenticated SQL Injection CVE-2018-12636 7.2 Çlirim Emini June 25, 2018
iThemes Security <= 6.9.0 - Cross-Site Scripting CVE-2018-7433 7.5 March 5, 2018
iThemes Security <= 5.6.1 - Stored Cross-Site Scripting 6.4 Slavco Mihajloski October 6, 2016
iThemes Security <= 5.6.1 - Sensitive Information Exposure via Diff Response 5.3 Leon Atkinson of 18INT September 27, 2016
iThemes Security <= 5.3.5 - Missing Capabilities Check 7.4 Julio Potier April 25, 2016
iThemes Security < 5.3.1 - Insecure Backup/Logfile Generation 5.3 Nicolas Chatelain (Sysdream Labs) April 21, 2016
iThemes Security < 5.3.5 - Authenticated Cross-Site Scripting 3.3 PenTest Partners April 5, 2016
iThemes Security <= 4.6.12 - Stored Cross-Site Scripting 6.5 Ole Aass April 14, 2015
iThemes Security < 3.6.4 - Stored Cross-Site Scripting 8.3 Yashar Shahinzadeh, Mormoroth August 1, 2014
Better WP Security <= 3.6.3 - Stored Cross-Site Scripting 6.4 Yashar Shahinzadeh August 1, 2014
Better WP Security <= 3.5.3 - Stored Cross-Site Scripting 7.2 Richard Warren August 1, 2014
iThemes Security < 3.4.4 - Cross-Site Scripting 6.5 Benjamin Kunz Mejri August 20, 2012
Better WP Security <= 3.2.4 - Multiple Cross-Site Scripting CVE-2012-4264 6.1 May 11, 2012
iThemes Security < 3.2.5 - Cross-Site Scripting CVE-2012-4263 7.2 SiNA Rabbani May 11, 2012

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation