2 results (0.003 seconds)

CVSS: 5.4EPSS: %CPEs: 1EXPL: 0

The MainWP iThemes Security Extension plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 4.1.1 due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to activate arbitrary plugins. • CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs. El plugin iThemes Security (anteriormente Better WP Security) versiones anteriores a 7.7.0 para WordPress, no aplica el requisito de una nueva contraseña para una cuenta existente hasta que el segundo inicio de sesión ocurre • https://wordpress.org/plugins/better-wp-security/#developers • CWE-286: Incorrect User Management CWE-287: Improper Authentication •