Ithemes: Security Vulnerabilities
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1.
CVSS Score
7.5
EPSS Score
0.924
Published
2023-03-13
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting
CVSS Score
6.1
EPSS Score
0.131
Published
2023-02-21
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-01-06
The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.869
Published
2020-07-02
Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score
6.1
EPSS Score
0.004
Published
2019-08-28
Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score
6.1
EPSS Score
0.004
Published
2019-08-28
Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score
6.1
EPSS Score
0.004
Published
2019-08-28
iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score
6.1
EPSS Score
0.004
Published
2019-08-28
iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score
6.1
EPSS Score
0.004
Published
2019-08-28
iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score
6.1
EPSS Score
0.004
Published
2019-08-28
Page 1