WordPress Plugin Vulnerabilities

iThemes Sync <= 2.0.17 - Insufficient Secure Key Validation

Description

iThemes Sync allows users to manage multiple websites from a single dashboard. This vulnerability, affecting secret key validation, could lead to full compromise of a WordPress site.

Affects Plugins

Plugin icon
ithemes-sync
Fixed in 2.0.18

References

URL
https://ithemes.com/important-ithemes-sync-vulnerability-patched/
URL
https://plugins.trac.wordpress.org/changeset/2170620/ithemes-sync

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287

Miscellaneous

Original Researcher
iThemes
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
b9dd293b-88b2-46ce-9991-0c417a378488

Timeline

Publicly Published
2019-10-09 (about 6 years ago)
Added
2019-10-10 (about 6 years ago)
Last Updated
2019-11-28 (about 6 years ago)

Other

Published
Title
Published
2024-10-15
Title
UltimateAI <= 2.8.3 - Authentication Bypass
Published
2025-03-04
Title
WP Real Estate Manager <= 2.8 - Authentication Bypass
Published
2020-01-16
Title
WP Database Reset < 3.15 - Unauthenticated Database Reset
Published
2021-12-08
Title
Registration Magic < 5.0.1.8 - Authentication Bypass
Published
2015-03-04
Title
Dignitas 1.1.9 - Privilage Escalation