Vulnerabilities > Ithemes
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-13 | CVE-2022-31474 | Path Traversal vulnerability in Ithemes Backupbuddy 8.5.8.0/8.7.4.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. | 7.5 |
2023-02-21 | CVE-2022-4897 | Unspecified vulnerability in Ithemes Backupbuddy 8.5.8.0/8.7.4.1/8.7.5.0 The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting | 6.1 |
2021-01-06 | CVE-2020-36176 | Incorrect Authorization vulnerability in Ithemes Security The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs. | 5.0 |
2020-07-02 | CVE-2020-14092 | SQL Injection vulnerability in Ithemes Paypal PRO The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection. | 7.5 |
2019-08-28 | CVE-2015-9379 | Cross-site Scripting vulnerability in Ithemes Builder Style Manager iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 4.3 |
2019-08-28 | CVE-2015-9378 | Cross-site Scripting vulnerability in Ithemes Builder Theme Market iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 4.3 |
2019-08-28 | CVE-2015-9377 | Cross-site Scripting vulnerability in Ithemes Builder Theme Depot iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 4.3 |
2019-08-28 | CVE-2015-9376 | Cross-site Scripting vulnerability in Ithemes Mobile iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 4.3 |
2019-08-28 | CVE-2015-9375 | Cross-site Scripting vulnerability in Ithemes Table Rate Shipping Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 4.3 |
2019-08-28 | CVE-2015-9374 | Cross-site Scripting vulnerability in Ithemes Stripe Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 4.3 |