Vulnerabilities > Ithemes > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-13 | CVE-2022-31474 | Unspecified vulnerability in Ithemes Backupbuddy 8.5.8.0/8.7.4.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. | 7.5 |
| 2021-01-06 | CVE-2020-36176 | Improper Authentication vulnerability in Ithemes Security The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs. | 7.5 |
| 2018-06-22 | CVE-2018-12636 | SQL Injection vulnerability in Ithemes Security The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. | 7.2 |
| 2018-03-02 | CVE-2018-7433 | Information Exposure Through Log Files vulnerability in Ithemes Security The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. | 7.5 |