Vulnerabilities > CVE-2020-36176 - Incorrect Authorization vulnerability in Ithemes Security

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
ithemes
CWE-863
NVD
Published: 2021-01-06
Updated: 2021-07-21

Summary

The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.

Vulnerable Configurations

Part Description Count
Application
Ithemes
49

Common Weakness Enumeration (CWE)

References