Vulnerabilities > Ithemes

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-13	CVE-2022-31474	Path Traversal vulnerability in Ithemes Backupbuddy 8.5.8.0/8.7.4.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. network low complexity ithemes CWE-22	7.5
2023-02-21	CVE-2022-4897	Unspecified vulnerability in Ithemes Backupbuddy 8.5.8.0/8.7.4.1/8.7.5.0 The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting network low complexity ithemes	6.1
2021-01-06	CVE-2020-36176	Incorrect Authorization vulnerability in Ithemes Security The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs. network low complexity ithemes CWE-863	5.0
2020-07-02	CVE-2020-14092	SQL Injection vulnerability in Ithemes Paypal PRO The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection. network low complexity ithemes CWE-89	7.5
2019-08-28	CVE-2015-9379	Cross-site Scripting vulnerability in Ithemes Builder Style Manager iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg(). network ithemes CWE-79	4.3
2019-08-28	CVE-2015-9378	Cross-site Scripting vulnerability in Ithemes Builder Theme Market iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg(). network ithemes CWE-79	4.3
2019-08-28	CVE-2015-9377	Cross-site Scripting vulnerability in Ithemes Builder Theme Depot iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg(). network ithemes CWE-79	4.3
2019-08-28	CVE-2015-9376	Cross-site Scripting vulnerability in Ithemes Mobile iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg(). network ithemes CWE-79	4.3
2019-08-28	CVE-2015-9375	Cross-site Scripting vulnerability in Ithemes Table Rate Shipping Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). network ithemes CWE-79	4.3
2019-08-28	CVE-2015-9374	Cross-site Scripting vulnerability in Ithemes Stripe Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). network ithemes CWE-79	4.3

Vulnerabilities > Ithemes {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Ithemes"}]}

Vulnerabilities > Ithemes