Vulnerabilities (CVE)

Filtered by vendor Ithemes Subscribe
Total 25 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4897 1 Ithemes 1 Backupbuddy 2024-11-21 N/A 6.1 MEDIUM
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting
CVE-2022-31474 1 Ithemes 1 Backupbuddy 2024-11-21 N/A 7.5 HIGH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1.
CVE-2020-36176 1 Ithemes 1 Ithemes Security 2024-11-21 5.0 MEDIUM 7.5 HIGH
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.
CVE-2020-14092 1 Ithemes 1 Paypal Pro 2024-11-21 7.5 HIGH 9.8 CRITICAL
The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection.
CVE-2018-7433 1 Ithemes 1 Security 2024-11-21 5.0 MEDIUM 7.5 HIGH
The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.
CVE-2018-12636 1 Ithemes 1 Security 2024-11-21 6.5 MEDIUM 7.2 HIGH
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
CVE-2015-9379 1 Ithemes 1 Builder Style Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9378 1 Ithemes 1 Builder Theme Market 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9377 1 Ithemes 1 Builder Theme Depot 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9376 1 Ithemes 1 Mobile 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9375 1 Ithemes 1 Table Rate Shipping 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9374 1 Ithemes 1 Stripe 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9372 1 Ithemes 1 Membership 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9371 1 Ithemes 1 Manual Purchases 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9370 1 Ithemes 1 Invoices 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9369 1 Ithemes 1 Easy Us Sales Taxes 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9368 1 Ithemes 1 Easy Eu Value Added \(vat\) Taxes 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9367 1 Ithemes 1 Easy Canadian Sales Taxes 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9366 1 Ithemes 1 Custom Url Tracking 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9365 1 Ithemes 1 Authorize.net 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().