WordPress Plugin Vulnerabilities

iThemes Security 3.0-4.6.12 – Stored Cross-Site Scripting (XSS)

Description

The iThemes Security (formerly Better WP Security) WordPress plugin was affected by security vulnerability.

Affects Plugins

Plugin icon
better-wp-security
Fixed in 4.6.13

References

URL
https://ithemes.com/2015/04/14/security-release-for-ithemes-security-update-to-v4-6-13-or-v1-14-18-pro-immediately/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
63f35fe6-b779-4c9e-b260-f6fb9cd0e231

Timeline

Publicly Published
2015-04-14 (about 11 years ago)
Added
2015-04-15 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-06-03
Title
Fluid Notification Bar <= 3.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2024-04-30
Title
Jeg Elementor Kit < 2.6.5 - Contributor+ Stored XSS via Elementor Widget URL Custom Attributes
Published
2026-01-06
Title
Recras WordPress plugin < 6.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'recrasname' Shortcode Attribute
Published
2025-09-26
Title
Map Categories to Pages <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2024-10-17
Title
Flat UI Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via flatbtn Shortcode