Vulnerabilities > Ithemes

DATE CVE VULNERABILITY TITLE RISK
2023-03-13 CVE-2022-31474 Unspecified vulnerability in Ithemes Backupbuddy 8.5.8.0/8.7.4.1
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal. This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1.
network
low complexity
ithemes
7.5
2023-02-21 CVE-2022-4897 Unspecified vulnerability in Ithemes Backupbuddy 8.5.8.0/8.7.4.1/8.7.5.0
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting.
network
low complexity
ithemes
6.1
2021-01-06 CVE-2020-36176 Improper Authentication vulnerability in Ithemes Security
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.
network
low complexity
ithemes CWE-287
7.5
2020-07-02 CVE-2020-14092 SQL Injection vulnerability in Ithemes Paypal PRO
The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection.
network
low complexity
ithemes CWE-89
critical
9.8
2019-08-28 CVE-2015-9379 Cross-site Scripting vulnerability in Ithemes Builder Style Manager
iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
ithemes CWE-79
6.1
2019-08-28 CVE-2015-9378 Cross-site Scripting vulnerability in Ithemes Builder Theme Market
iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
ithemes CWE-79
6.1
2019-08-28 CVE-2015-9377 Cross-site Scripting vulnerability in Ithemes Builder Theme Depot
iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
ithemes CWE-79
6.1
2019-08-28 CVE-2015-9376 Cross-site Scripting vulnerability in Ithemes Mobile
iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
ithemes CWE-79
6.1
2019-08-28 CVE-2015-9375 Cross-site Scripting vulnerability in Ithemes Table Rate Shipping
Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
ithemes CWE-79
6.1
2019-08-28 CVE-2015-9374 Cross-site Scripting vulnerability in Ithemes Stripe
Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
ithemes CWE-79
6.1