Vulnerabilities > Ithemes > Security

DATE CVE VULNERABILITY TITLE RISK
2018-06-22 CVE-2018-12636 SQL Injection vulnerability in Ithemes Security
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
network
low complexity
ithemes CWE-89
7.2
7.2
2018-03-02 CVE-2018-7433 Information Exposure Through Log Files vulnerability in Ithemes Security
The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.
network
low complexity
ithemes CWE-532
5.0
5.0