Vulnerabilities > Ithemes > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-28 CVE-2015-9370 Cross-site Scripting vulnerability in Ithemes Invoices
Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
ithemes CWE-79
4.3
4.3
2019-08-28 CVE-2015-9369 Cross-site Scripting vulnerability in Ithemes Easy US Sales Taxes
Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
ithemes CWE-79
4.3
4.3
2019-08-28 CVE-2015-9368 Cross-site Scripting vulnerability in Ithemes Easy EU Value Added (Vat) Taxes
Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
ithemes CWE-79
4.3
4.3
2019-08-28 CVE-2015-9367 Cross-site Scripting vulnerability in Ithemes Easy Canadian Sales Taxes
Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
ithemes CWE-79
4.3
4.3
2019-08-28 CVE-2015-9366 Cross-site Scripting vulnerability in Ithemes Custom URL Tracking
Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
ithemes CWE-79
4.3
4.3
2019-08-28 CVE-2015-9365 Cross-site Scripting vulnerability in Ithemes Authorize.Net
Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
ithemes CWE-79
4.3
4.3
2019-08-28 CVE-2015-9363 Cross-site Scripting vulnerability in Ithemes Exchange
iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
ithemes CWE-79
4.3
4.3
2018-03-02 CVE-2018-7433 Information Exposure Through Log Files vulnerability in Ithemes Security
The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.
network
low complexity
ithemes CWE-532
5.0
5.0
2013-04-02 CVE-2013-2744 Information Exposure vulnerability in Ithemes Backupbuddy 2.2.25
importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function.
network
low complexity
ithemes wordpress CWE-200
5.0
5.0