ThreatPress

WordPress Vulnerabilities Database

Back

WordPress iThemes Security <=6.9.0 - Cross-Site Scripting (XSS) vulnerability

Product
iThemes Security
Description
Cross-Site Scripting (XSS) vulnerability found by Paweł Kuryłowicz in WordPress iThemes Security (versions <=6.9.0).
Solution
Update the WordPress iThemes Security plugin to the latest available version (at least 6.9.1).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2018-7433
Versions
Affected In <=6.9.0
Fixed In 6.9.1
Disclosure date
2018-03-05
Credits
Paweł Kuryłowicz
Submitter
ThreatPress