🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Solid Security – Password, Two Factor Authentication, and Brute Force Protection

Information

Software Type	Plugin
Software Slug	better-wp-security (view on wordpress.org)
Software Status	Active
Software Author	ithemes
Software Website	solidwp.com
Software Downloads	31,725,692
Software Active Installs	900,000
Software Record Last Updated	July 26, 2024

19 Vulnerabilities

Solid Security <= 9.3.1 - IP Address Spoofing to Denial of Service

5.3

CVE-2022-44593

Jun 20, 2024

Researcher: Snicco

Solid Security Basic <= 9.0.0 - Unauthenticated Login Page Disclosure

5.3

CVE ID Unknown

Oct 31, 2023

Researcher: Naveen Muthusamy

iThemes Security <= 8.1.4 - Open Redirection via redirect_to_https

4.7

CVE-2023-28786

Mar 27, 2023

Researcher: nlpro

iThemes Security < 7.9.1 and iThemes Security Pro < 6.8.4 - Hidden Login Bypass

5.3

CVE ID Unknown

Apr 22, 2021

Researcher: Julio Potier

iThemes Security <= 7.6.1 - Broken Password Mechanism

7.5

CVE-2020-36176

Jan 6, 2021

Researchers:

iThemes Security <= 7.0.2 - Authenticated SQL Injection

7.2

CVE-2018-12636

Jun 25, 2018

Researcher: Çlirim Emini

iThemes Security <= 6.9.0 - Cross-Site Scripting

7.5

CVE-2018-7433

Mar 5, 2018

Researchers:

iThemes Security <= 5.6.1 - Stored Cross-Site Scripting

6.4

CVE ID Unknown

Oct 6, 2016

Researcher: Slavco Mihajloski

iThemes Security <= 5.6.1 - Sensitive Information Exposure via Diff Response

5.3

CVE ID Unknown

Sep 27, 2016

Researcher: Leon Atkinson of 18INT

iThemes Security <= 5.3.5 - Missing Capabilities Check

7.4

CVE ID Unknown

Apr 25, 2016

Researcher: Julio Potier

iThemes Security < 5.3.1 - Insecure Backup/Logfile Generation

5.3

CVE ID Unknown

Apr 21, 2016

Researcher: Nicolas Chatelain (Sysdream Labs)

iThemes Security < 5.3.5 - Authenticated Cross-Site Scripting

3.3

CVE ID Unknown

Apr 5, 2016

Researcher: PenTest Partners

iThemes Security <= 4.6.12 - Stored Cross-Site Scripting

6.5

CVE ID Unknown

Apr 14, 2015

Researcher: Ole Aass

iThemes Security < 3.6.4 - Stored Cross-Site Scripting

8.3

CVE ID Unknown

Aug 1, 2014

Researchers: Yashar Shahinzadeh, Mormoroth

Better WP Security <= 3.6.3 - Stored Cross-Site Scripting

6.4

CVE ID Unknown

Aug 1, 2014

Researcher: Yashar Shahinzadeh

Better WP Security <= 3.5.3 - Stored Cross-Site Scripting

7.2

CVE ID Unknown

Aug 1, 2014

Researcher: Richard Warren

iThemes Security < 3.4.4 - Cross-Site Scripting

6.5

CVE ID Unknown

Aug 20, 2012

Researcher: Benjamin Kunz Mejri

iThemes Security < 3.2.5 - Cross-Site Scripting

7.2

CVE-2012-4263

May 11, 2012

Researcher: SiNA Rabbani

Better WP Security <= 3.2.4 - Multiple Cross-Site Scripting

6.1

CVE-2012-4264

May 11, 2012

Researchers:

Title	Status	CVE ID	CVSS	Researchers	Date
Solid Security <= 9.3.1 - IP Address Spoofing to Denial of Service	Patched	CVE-2022-44593	5.3	Snicco	June 20, 2024
Solid Security Basic <= 9.0.0 - Unauthenticated Login Page Disclosure	Patched		5.3	Naveen Muthusamy	October 31, 2023
iThemes Security <= 8.1.4 - Open Redirection via redirect_to_https	Patched	CVE-2023-28786	4.7	nlpro	March 27, 2023
iThemes Security < 7.9.1 and iThemes Security Pro < 6.8.4 - Hidden Login Bypass	Patched		5.3	Julio Potier	April 22, 2021
iThemes Security <= 7.6.1 - Broken Password Mechanism	Patched	CVE-2020-36176	7.5		January 6, 2021
iThemes Security <= 7.0.2 - Authenticated SQL Injection	Patched	CVE-2018-12636	7.2	Çlirim Emini	June 25, 2018
iThemes Security <= 6.9.0 - Cross-Site Scripting	Patched	CVE-2018-7433	7.5		March 5, 2018
iThemes Security <= 5.6.1 - Stored Cross-Site Scripting	Patched		6.4	Slavco Mihajloski	October 6, 2016
iThemes Security <= 5.6.1 - Sensitive Information Exposure via Diff Response	Patched		5.3	Leon Atkinson of 18INT	September 27, 2016
iThemes Security <= 5.3.5 - Missing Capabilities Check	Patched		7.4	Julio Potier	April 25, 2016
iThemes Security < 5.3.1 - Insecure Backup/Logfile Generation	Patched		5.3	Nicolas Chatelain (Sysdream Labs)	April 21, 2016
iThemes Security < 5.3.5 - Authenticated Cross-Site Scripting	Patched		3.3	PenTest Partners	April 5, 2016
iThemes Security <= 4.6.12 - Stored Cross-Site Scripting	Patched		6.5	Ole Aass	April 14, 2015
iThemes Security < 3.6.4 - Stored Cross-Site Scripting	Patched		8.3	Yashar Shahinzadeh, Mormoroth	August 1, 2014
Better WP Security <= 3.6.3 - Stored Cross-Site Scripting	Patched		6.4	Yashar Shahinzadeh	August 1, 2014
Better WP Security <= 3.5.3 - Stored Cross-Site Scripting	Patched		7.2	Richard Warren	August 1, 2014
iThemes Security < 3.4.4 - Cross-Site Scripting	Patched		6.5	Benjamin Kunz Mejri	August 20, 2012
iThemes Security < 3.2.5 - Cross-Site Scripting	Patched	CVE-2012-4263	7.2	SiNA Rabbani	May 11, 2012
Better WP Security <= 3.2.4 - Multiple Cross-Site Scripting	Patched	CVE-2012-4264	6.1		May 11, 2012

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation