WordPress Plugin Vulnerabilities

iThemes Security <= 6.9.0 - Cross-Site Scripting (XSS)

Description

The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.

Affects Plugins

Plugin icon
better-wp-security
Fixed in 6.9.1

References

CVE
CVE-2018-7433
URL
https://plugins.trac.wordpress.org/changeset/1832516/better-wp-security
URL
https://plugins.trac.wordpress.org/changeset/1831843/better-wp-security

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.5 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
61f82c56-7f01-4724-8001-6004f1dac7cb

Timeline

Publicly Published
2018-03-05 (about 8 years ago)
Added
2018-03-05 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-04-16
Title
Mortgage Calculators WP < 1.60 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-07-03
Title
Forms < 1.12.3 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2022-04-05
Title
Pricing Table <= 1.5.2 - Author+ Stored Cross-Site Scripting
Published
2024-09-30
Title
DK PDF < 1.9.7 - Reflected Cross-Site Scripting
Published
2026-03-10
Title
Darna Framework <= 2.9 - Reflected Cross-Site Scripting